
Malware in google Chrome. [Closed]

chrome shopping deals


#1
nishantsah


My Google Chrome has malware which creates additional pop-ups which were never there. I am posting the required files here.

 


 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by MrArun at 2015-07-19 19:17:23
Running from C:\Users\MrArun\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4272568558-252922182-213718967-500 - Administrator - Disabled)
Guest (S-1-5-21-4272568558-252922182-213718967-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4272568558-252922182-213718967-1003 - Limited - Enabled)
MrArun (S-1-5-21-4272568558-252922182-213718967-1001 - Administrator - Enabled) => C:\Users\MrArun
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4272568558-252922182-213718967-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
ACDSee Pro 8 (64-bit) (HKLM\...\{F84CE839-8CDD-4DC1-9A05-FA93BEA8B63D}) (Version: 8.0.0.262 - ACD Systems International Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe PageMaker 7.0 (HKLM-x32\...\Adobe PageMaker 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
AirDroid 3.1.2.0 (HKLM-x32\...\AirDroid) (Version: 3.1.2.0 - Sand Studio)
Atheros Outlook Addin 2010 (HKU\S-1-5-21-4272568558-252922182-213718967-1001\...\BB108A893815B64BF41C4574C3324FB7371AA244) (Version: 1.0.0.0 - Atheros Outlook Addin 2010)
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Apps Sync™ for Microsoft Outlook® 3.7.410.1100 (HKLM\...\{6C6A2A68-E36C-4AF4-B1A3-EF3F53FF5766}) (Version: 3.7.410.1100 - Google, Inc.)
Google Chrome (HKU\S-1-5-21-4272568558-252922182-213718967-1001\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - )
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.31.1 - ELAN Microelectronic Corp.)
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.300.05.03.483 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Pdfedit (HKLM-x32\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
SMSgee PC SMS Bulk Sender 2.3.5 (HKLM-x32\...\{B2C6EDF1-BF50-470B-B5F2-3F66EFDE0DDE}_is1) (Version:  - SMSgee)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4272568558-252922182-213718967-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\MrArun\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4272568558-252922182-213718967-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\MrArun\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4272568558-252922182-213718967-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4272568558-252922182-213718967-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\MrArun\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4272568558-252922182-213718967-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\MrArun\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4272568558-252922182-213718967-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MrArun\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
27-06-2015 00:06:08 Scheduled Checkpoint
07-07-2015 18:21:23 Scheduled Checkpoint
10-07-2015 11:44:59 Removed Google Apps Migration For Microsoft Outlook® 3.4.27.52
14-07-2015 13:24:33 Installed Pdfedit
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2013-08-22 18:55 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0EFB9AED-3369-4C0B-8A1B-3B6D4872AE6A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {1139B4A5-A2F2-4C97-A080-D53CE2B015E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {1AAE9474-2169-4AAA-A75E-B8F5E6F3F2AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
Task: {2F55F1E4-1277-4523-92C9-62829E6B1426} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {30044030-4AF1-47CB-A0EC-9022446803B9} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-29] (@ByELDI)
Task: {3C46E041-C023-48D5-89F9-2168498D2411} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {44D6B780-4364-4E49-97AC-DB95C4D92C86} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{2fbaa0bd-5645-5161-2fba-aa0bd56482f5}\welcome to karachi (2015) - 1cd - dvdscr-rip - hindi - x264 - mp3 - mafiaking - m2tv.exe <==== ATTENTION
Task: {767D2F16-2FA3-487C-8835-3A4AFF329FFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
Task: {7B2641BE-8F23-4178-AD9C-4DD94524226E} - System32\Tasks\AdobeAAMUpdater-1.0-Arun-MrArun => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {7F387E6B-6BDE-479A-AA33-09D51010AB89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4272568558-252922182-213718967-1001UA => C:\Users\MrArun\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-04] (Google Inc.)
Task: {968AACB7-7B61-46D5-ACA3-B6F1094D2B86} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ARUN-MrArun Arun => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {A37DF504-1025-45E8-88FC-413753AFF5B0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {C7C967D2-088D-4C44-B6F1-63E4DE21B580} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {D4305222-65E0-4F02-AADB-DD46ED03C2CD} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-03-09] (Lenovo)
Task: {DF3C6F28-4BBF-4712-BE19-B4F24430C9D7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E358963F-1632-46E3-92E7-62884F527446} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {F266E6AA-88AC-4E48-93EA-9C8B1C093E7A} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
Task: {F55E7BAE-EB8B-4D7F-92BE-EF36B7D61D21} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4272568558-252922182-213718967-1001Core => C:\Users\MrArun\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-04] (Google Inc.)
Task: {FF8E71D5-35CD-4601-A022-F6FADBBB3C64} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-03-09] (Lenovo)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{2fbaa0bd-5645-5161-2fba-aa0bd56482f5}\welcome to karachi (2015) - 1cd - dvdscr-rip - hindi - x264 - mp3 - mafiaking - m2tv.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4272568558-252922182-213718967-1001Core.job => C:\Users\MrArun\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4272568558-252922182-213718967-1001UA.job => C:\Users\MrArun\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-31 00:42 - 2012-09-18 15:27 - 00192512 _____ () C:\windows\System32\zlhp1020.dll
2015-06-28 11:30 - 2012-09-18 15:27 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2015-03-31 00:42 - 2012-09-18 15:27 - 03162624 _____ () C:\windows\system32\spool\DRIVERS\x64\3\suhp1020.dll
2015-03-31 00:41 - 2012-09-18 15:27 - 01236992 _____ () C:\windows\system32\spool\DRIVERS\x64\3\gchp1020.dll
2013-10-30 10:52 - 2013-10-30 10:52 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-30 10:49 - 2013-10-30 10:49 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-30 10:56 - 2013-10-30 10:56 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-08-06 15:52 - 2010-10-26 10:10 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-09-19 23:56 - 2014-09-19 23:56 - 02136072 _____ () C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
2013-10-30 10:57 - 2013-10-30 10:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-08-06 15:51 - 2013-09-17 00:50 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-07-17 10:00 - 2015-07-14 03:25 - 01281864 _____ () C:\Users\MrArun\AppData\Local\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-17 10:00 - 2015-07-14 03:25 - 00080712 _____ () C:\Users\MrArun\AppData\Local\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-17 10:00 - 2015-07-14 03:25 - 16308040 _____ () C:\Users\MrArun\AppData\Local\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\MrArun\OneDrive:ms-properties
AlternateDataStreams: C:\Users\MrArun\OneDrive.old:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VisualDiscovery => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4272568558-252922182-213718967-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 11.11.11.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CA028746-885B-45C4-A346-291E4492FCB2}] => (Allow) LPort=55100
FirewallRules: [{64B76F69-9E75-4B2E-9BC0-872BD7343041}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{28886F45-02E3-457D-B134-DAD0F42BFEF2}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{82DF4F6C-9F2B-4F0A-8499-E381C0D10F88}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{971B881C-49DD-4FF6-B184-7424393D3F7F}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{0147B509-E70B-4254-831D-448E21665D5D}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [TCP Query User{C77C58E2-8787-4C46-80FA-44CC18E6E451}C:\users\mrarun\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mrarun\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{5699ACFD-BF81-46E8-9B63-024DC1FB7334}C:\users\mrarun\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mrarun\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{F5E84EAE-FCD5-4118-AD25-44BF5D755F14}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{D93910ED-4006-41E2-9551-345F2B97208C}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{94ADC0F6-F285-4098-9B63-ECE8B3480596}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{885706AF-7F21-4396-8216-2E875924AAA8}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{C21C5581-380C-4BCC-9B01-74D2CC49AB19}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{DFDA0522-44B1-47A5-AC50-0300AFC5DC80}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{C8EC10F6-81C8-400F-9AC7-BBC89F6D3817}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{9FA517B0-D4C2-43F0-A86D-954034D2D7D8}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D27EA964-29C9-4F21-8260-29A6CCCF61A9}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{A61035D2-B845-47AC-863E-C83221F59781}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{5B62EE33-6D02-467D-BB92-5C0EC1BA34EC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{8C24178D-9D1D-49F4-B5C3-C46D749178FA}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [TCP Query User{E6F17ADF-CD3A-49DF-A0F9-998ABE531745}C:\users\mrarun\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mrarun\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{89BFBF21-B406-4E45-8A9B-D87C1135D68E}C:\users\mrarun\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mrarun\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{CA520339-706B-45D7-85E4-4F8E7A28BA49}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{84EAE671-1DAC-4DD7-98A7-B8653509EEC9}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{892B7237-9EDD-446B-9B75-C696D5BDE71C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{79E831A7-C368-435C-BF22-C1D903B4DD33}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{58794BE3-FD9F-44D9-90C9-98318D560B4A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{153BA623-4078-4D21-944C-A4DC62DD74AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6E0DB692-8370-44F4-88BB-93EFE24BC198}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{A76C4618-1F0A-4EB9-8373-00E8F025A094}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [TCP Query User{D09B39A3-B547-46C6-9A5B-C85CBE698B22}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{AC0717C9-B5CE-4F9A-A91B-6228114BB052}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/19/2015 05:08:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/19/2015 11:26:35 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/18/2015 06:10:41 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (07/18/2015 06:10:12 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (07/18/2015 09:34:42 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/17/2015 02:17:24 PM) (Source: MsiInstaller) (EventID: 1024) (User: ARUN)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F084E7200}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (07/16/2015 08:35:08 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (07/16/2015 08:32:48 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (07/16/2015 07:50:33 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (07/14/2015 10:36:31 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
 
System errors:
=============
Error: (07/13/2015 04:13:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/13/2015 10:39:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/11/2015 10:09:45 AM) (Source: DCOM) (EventID: 10016) (User: ARUN)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}ArunMrArunS-1-5-21-4272568558-252922182-213718967-1001LocalHost (Using LRPC)UnavailableS-1-15-2-854335982-3965992261-582536507-2670324810-1985340593-207839606-1091268731
 
Error: (07/10/2015 11:26:50 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer NAVIN-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{369F5AEB-8E92-48A0-A58D-79D514CA6D20}.
The master browser is stopping or an election is being forced.
 
Error: (07/08/2015 02:18:26 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.109 with the system
having network hardware address 00-08-22-56-E0-FB. Network operations on this system may
be disrupted as a result.
 
Error: (07/08/2015 11:46:29 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.107 with the system
having network hardware address 38-94-96-B9-8C-AF. Network operations on this system may
be disrupted as a result.
 
Error: (07/07/2015 03:58:48 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (07/03/2015 12:02:13 PM) (Source: DCOM) (EventID: 10010) (User: ARUN)
Description: {0006F03A-0000-0000-C000-000000000046}
 
Error: (07/03/2015 11:59:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/03/2015 11:37:22 AM) (Source: DCOM) (EventID: 10010) (User: ARUN)
Description: {0006F03A-0000-0000-C000-000000000046}
 
 
Microsoft Office:
=========================
Error: (07/19/2015 05:08:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/19/2015 11:26:35 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/18/2015 06:10:41 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (07/18/2015 06:10:12 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (07/18/2015 09:34:42 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/17/2015 02:17:24 PM) (Source: MsiInstaller) (EventID: 1024) (User: ARUN)
Description: Adobe Acrobat Reader DC{AC76BA86-7AD7-0000-2550-AC0F084E7200}1625(NULL)(NULL)(NULL)
 
Error: (07/16/2015 08:35:08 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (07/16/2015 08:32:48 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (07/16/2015 07:50:33 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (07/14/2015 10:36:31 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-14 09:59:23.288
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-04 14:47:37.616
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-28 23:21:06.464
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-13 14:11:18.633
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-06 15:21:42.043
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-04 18:55:13.608
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-02 08:15:50.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-29 16:49:27.177
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-28 09:53:56.258
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-18 22:45:01.117
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 68%
Total physical RAM: 3988.27 MB
Available physical RAM: 1247.9 MB
Total Virtual: 5012.27 MB
Available Virtual: 1437.17 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:224.91 GB) (Free:181.77 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.93 GB) NTFS
Drive g: (Data Etc) (Fixed) (Total:198.81 GB) (Free:135.25 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1DB1F49A)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by MrArun (administrator) on ARUN on 19-07-2015 19:14:19
Running from C:\Users\MrArun\Downloads
Loaded Profiles: MrArun (Available Profiles: MrArun)
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MrArun\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ACPW08EN] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe [1813776 2014-09-17] (ACD Systems)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4272568558-252922182-213718967-1001\...\Run: [Google Update] => C:\Users\MrArun\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-04] (Google Inc.)
HKU\S-1-5-21-4272568558-252922182-213718967-1001\...\Run: [ACDSeeCommanderPro8] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [2136072 2014-09-19] ()
HKU\S-1-5-21-4272568558-252922182-213718967-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [13499392 2015-05-22] (Sand Studio)
HKU\S-1-5-21-4272568558-252922182-213718967-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-4272568558-252922182-213718967-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 11.11.11.1
Tcpip\..\Interfaces\{04758A56-74B0-499B-B75A-B6A02250D32D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{369F5AEB-8E92-48A0-A58D-79D514CA6D20}: [DhcpNameServer] 8.8.8.8 11.11.11.1
Tcpip\..\Interfaces\{8AAB847F-1A0C-4BA7-8D77-E5A66EA88CF4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B1AEC9BF-4C00-4DBF-9C07-33EF5D03FAFC}: [NameServer] 122.160.237.201 202.56.230.7
 
FireFox:
========
FF ProfilePath: C:\Users\MrArun\AppData\Roaming\Mozilla\Firefox\Profiles\zikf3fuk.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4272568558-252922182-213718967-1001: @tools.google.com/Google Update;version=3 -> C:\Users\MrArun\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4272568558-252922182-213718967-1001: @tools.google.com/Google Update;version=9 -> C:\Users\MrArun\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Extension: Firefox Certificate Store Hotfix - C:\Users\MrArun\AppData\Roaming\Mozilla\Firefox\Profiles\zikf3fuk.default\Extensions\[email protected] [2015-05-04]
FF Extension: Download YouTube Videos as MP4 - C:\Users\MrArun\AppData\Roaming\Mozilla\Firefox\Profiles\zikf3fuk.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-05-04]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\MrArun\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Wolfram Alpha (Official)) - C:\Users\MrArun\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2015-06-13]
CHR Extension: (BuyHatke) - C:\Users\MrArun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaehkpjddfdgiiefcnhahapilbejohhj [2015-06-13]
CHR Extension: (Adblock Super) - C:\Users\MrArun\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-06-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MrArun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-12]
CHR Extension: (Google Wallet) - C:\Users\MrArun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows ® Win 7 DDK provider) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-08-06] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-10-30] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R1 MpKsl26ef09a2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{40941B56-E4AA-43D3-974C-9381A5C35044}\MpKsl26ef09a2.sys [45352 2015-07-18] (Microsoft Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-19 19:14 - 2015-07-19 19:15 - 00015348 _____ C:\Users\MrArun\Downloads\FRST.txt
2015-07-19 19:14 - 2015-07-19 19:14 - 00000000 ____D C:\FRST
2015-07-19 19:13 - 2015-07-19 19:13 - 02134528 _____ (Farbar) C:\Users\MrArun\Downloads\FRST64.exe
2015-07-18 20:02 - 2015-07-18 20:02 - 00000000 ____D C:\Users\MrArun\AppData\Local\CEF
2015-07-17 14:06 - 2015-07-17 14:17 - 62854257 _____ C:\Users\MrArun\Downloads\Ice Spikes Explained.mp4
2015-07-17 14:06 - 2015-07-17 14:16 - 55941222 _____ C:\Users\MrArun\Downloads\5 Fun Physics Phenomena.mp4
2015-07-17 13:39 - 2015-07-17 13:56 - 121714390 _____ C:\Users\MrArun\Downloads\Should This Lake Exist.mp4
2015-07-17 13:39 - 2015-07-17 13:45 - 50019590 _____ C:\Users\MrArun\Downloads\Surprising Applications of the Magnus Effect.mp4
2015-07-14 13:25 - 2015-07-14 13:25 - 00000000 ____D C:\Program Files (x86)\Pdfedit
2015-07-14 13:15 - 2015-07-14 13:19 - 07458816 _____ C:\Users\MrArun\Downloads\pdfedit-20140526_1531.msi
2015-07-12 11:51 - 2015-07-12 11:52 - 05624888 _____ C:\Users\MrArun\Downloads\Physics_ncd.zip
2015-07-12 11:51 - 2015-07-12 11:51 - 01088467 _____ C:\Users\MrArun\Downloads\English_C_E.zip
2015-07-12 11:51 - 2015-07-12 11:51 - 00676911 _____ C:\Users\MrArun\Downloads\Mathematics-XII_Up.zip
2015-07-12 11:50 - 2015-07-12 11:50 - 02485460 _____ C:\Users\MrArun\Downloads\Chemistry.zip
2015-07-12 11:49 - 2015-07-12 11:50 - 27534070 _____ C:\Users\MrArun\Downloads\SQP 2014-2015.rar
2015-07-10 20:16 - 2015-07-10 20:16 - 00007535 _____ C:\Users\MrArun\Desktop\PassportApplicationForm_Main_English_V2.0_data.xml
2015-07-10 11:38 - 2015-07-10 11:46 - 00000000 ____D C:\Program Files\Google
2015-07-10 11:38 - 2015-07-10 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
2015-07-10 11:36 - 2015-07-19 18:47 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-10 11:36 - 2015-07-17 09:46 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 14:49 - 2015-07-08 14:51 - 00295928 _____ C:\Users\MrArun\Desktop\Vedanta.psd
2015-07-07 15:37 - 2015-07-07 15:37 - 00000000 ____D C:\Users\MrArun\AppData\Local\Deployment
2015-07-06 11:12 - 2015-07-06 11:38 - 00062696 _____ C:\Users\MrArun\Downloads\vectors-practice-problems-2014-09-09.odt
2015-07-04 20:17 - 2015-07-04 20:17 - 00168448 _____ C:\Users\MrArun\Downloads\101B - QTE - SAH priya 1.xls
2015-07-04 20:17 - 2015-07-04 20:17 - 00164352 _____ C:\Users\MrArun\Downloads\104B - QTE - SAH priya 1.xls
2015-07-04 20:17 - 2015-07-04 20:17 - 00163328 _____ C:\Users\MrArun\Downloads\102B - QTE - SAH priya 1.xls
2015-07-04 20:17 - 2015-07-04 20:17 - 00162304 _____ C:\Users\MrArun\Downloads\103B - QTE - SAH priya 1.xls
2015-07-03 20:54 - 2015-07-03 20:54 - 00019757 _____ C:\Users\MrArun\Desktop\Opening rank wise list of colleges.xlsx
2015-07-03 11:34 - 2015-07-03 11:38 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2015-07-03 11:34 - 2015-07-03 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
2015-07-03 11:34 - 2009-10-21 17:16 - 00243200 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ewusbnet.sys
2015-07-03 11:34 - 2009-10-12 15:23 - 00114304 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ewusbdev.sys
2015-07-03 11:34 - 2009-09-10 15:31 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\windows\system32\Drivers\ewusbmdm.sys
2015-07-03 11:34 - 2007-08-09 04:10 - 00029696 _____ (Huawei Tech. Co., Ltd.) C:\windows\system32\Drivers\ewdcsc.sys
2015-07-01 08:49 - 2015-07-01 08:49 - 00000000 ___RD C:\Users\MrArun\Documents\Notes
2015-07-01 08:25 - 2015-07-16 20:33 - 00000000 ____D C:\Users\MrArun\Desktop\Green House
2015-07-01 08:25 - 2015-07-06 14:02 - 00000000 ____D C:\Users\MrArun\Desktop\Tanzania
2015-06-29 12:02 - 2015-06-29 12:04 - 00011357 _____ C:\Users\MrArun\Downloads\cool-android-assistant.exe
2015-06-29 11:43 - 2015-06-29 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMSgee
2015-06-29 11:43 - 2015-06-29 11:43 - 00000000 ____D C:\Program Files (x86)\SMSgee
2015-06-29 11:20 - 2015-06-29 11:22 - 02369584 _____ (DRPU Software Pvt. Ltd. ) C:\Users\MrArun\Downloads\Bulk-SMS-Android-Demo.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-19 18:59 - 2015-01-04 12:36 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4272568558-252922182-213718967-1001UA.job
2015-07-19 18:55 - 2015-05-31 18:55 - 00000494 _____ C:\windows\Tasks\Bidaily Synchronize Task[973b].job
2015-07-19 18:36 - 2014-12-13 16:24 - 00003914 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{4BC2FC9A-0B5E-4930-A59E-EFAD53090699}
2015-07-19 17:32 - 2013-08-22 21:06 - 00000000 ____D C:\windows\system32\sru
2015-07-19 17:29 - 2015-04-13 08:57 - 00000000 ____D C:\Program Files\KMSpico
2015-07-19 17:11 - 2014-12-12 23:15 - 00000000 ____D C:\Users\MrArun\AppData\Local\Adobe
2015-07-19 11:52 - 2015-01-04 00:58 - 00083251 _____ C:\windows\setupact.log
2015-07-19 11:45 - 2015-01-04 10:08 - 01956208 _____ C:\windows\WindowsUpdate.log
2015-07-18 20:44 - 2014-03-18 15:23 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-18 20:41 - 2014-12-12 23:10 - 00000000 ____D C:\Users\MrArun\Documents\Bluetooth Folder
2015-07-18 20:40 - 2014-12-12 23:09 - 00000000 ____D C:\Users\MrArun\AppData\Roaming\Atheros
2015-07-18 20:08 - 2014-12-12 23:14 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4272568558-252922182-213718967-1001
2015-07-18 19:59 - 2015-06-05 12:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-18 19:58 - 2015-06-05 12:41 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-18 18:06 - 2015-04-27 19:49 - 00962560 ___SH C:\Users\MrArun\Downloads\Thumbs.db
2015-07-18 09:58 - 2015-01-04 12:36 - 00000870 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4272568558-252922182-213718967-1001Core.job
2015-07-17 16:07 - 2013-08-22 21:06 - 00000000 ____D C:\windows\AppReadiness
2015-07-17 10:12 - 2015-04-25 16:17 - 00017505 _____ C:\Users\MrArun\Desktop\Marks in tests.xlsx
2015-07-17 09:53 - 2015-01-04 12:36 - 00003870 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4272568558-252922182-213718967-1001UA
2015-07-17 09:53 - 2015-01-04 12:36 - 00003490 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4272568558-252922182-213718967-1001Core
2015-07-17 09:42 - 2015-01-01 22:25 - 00003888 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 09:42 - 2015-01-01 22:25 - 00003652 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-17 09:37 - 2015-05-29 09:53 - 00004946 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARUN-MrArun Arun
2015-07-14 19:32 - 2014-12-12 23:08 - 00000000 ____D C:\Users\MrArun\AppData\Local\Packages
2015-07-13 10:40 - 2015-05-31 16:27 - 00000000 ____D C:\Users\MrArun\Documents\AirDroid
2015-07-13 10:40 - 2015-05-06 00:36 - 00000000 ____D C:\Users\MrArun\OneDrive
2015-07-13 10:39 - 2013-08-22 20:15 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-13 10:37 - 2014-08-06 15:52 - 18294956 _____ C:\Users\Public\CAFADEBUG.log
2015-07-13 10:36 - 2015-03-27 00:38 - 00000000 ____D C:\Users\MrArun\AppData\Roaming\uTorrent
2015-07-12 23:24 - 2015-01-02 00:07 - 00000000 ____D C:\Users\MrArun\AppData\Roaming\vlc
2015-07-10 20:18 - 2015-04-15 22:06 - 00345600 ___SH C:\Users\MrArun\Documents\Thumbs.db
2015-07-10 20:10 - 2015-03-12 14:16 - 00000000 ____D C:\Users\MrArun\AppData\Local\CrashDumps
2015-07-10 11:43 - 2015-01-01 22:25 - 00000000 ____D C:\Users\MrArun\AppData\Local\Google
2015-07-08 20:23 - 2014-12-12 23:06 - 00000000 ____D C:\Users\MrArun
2015-07-08 14:38 - 2014-12-12 23:08 - 00000000 ____D C:\Users\MrArun\AppData\Roaming\Adobe
2015-07-08 14:20 - 2015-06-18 09:24 - 00000000 ____D C:\Users\MrArun\Desktop\Calculus For Iit-Jee - Sannu Rahi - Google Books_files
2015-07-07 15:37 - 2015-04-09 11:21 - 00000000 ____D C:\Users\MrArun\AppData\Local\Apps\2.0
2015-07-06 12:32 - 2013-08-22 21:06 - 00000000 ____D C:\windows\LiveKernelReports
2015-07-03 12:03 - 2013-08-22 21:06 - 00000000 ____D C:\windows\tracing
2015-07-03 11:58 - 2013-08-22 18:55 - 00262144 ___SH C:\windows\system32\config\BBI
2015-07-03 08:26 - 2015-01-04 10:37 - 00025228 _____ C:\windows\PFRO.log
2015-06-27 09:28 - 2013-08-22 21:06 - 00000000 ____D C:\windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2015-06-02 12:41 - 2015-06-02 12:41 - 0000000 _____ () C:\Users\MrArun\AppData\Local\Temp.dat
2014-08-06 15:52 - 2014-08-06 15:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-12 12:05
 
==================== End of log ============================
 



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I can see the main problem

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome using Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:


CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Tcpip\..\Interfaces\{B1AEC9BF-4C00-4DBF-9C07-33EF5D03FAFC}: [NameServer] 122.160.237.201 202.56.230.7
2015-07-19 18:55 - 2015-05-31 18:55 - 00000494 _____ C:\windows\Tasks\Bidaily Synchronize Task[973b].job
Task: {44D6B780-4364-4E49-97AC-DB95C4D92C86} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{2fbaa0bd-5645-5161-2fba-aa0bd56482f5}\welcome to karachi (2015) - 1cd - dvdscr-rip - hindi - x264 - mp3 - mafiaking - m2tv.exe <==== ATTENTION
Task: C:\windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{2fbaa0bd-5645-5161-2fba-aa0bd56482f5}\welcome to karachi (2015) - 1cd - dvdscr-rip - hindi - x264 - mp3 - mafiaking - m2tv.exe <==== ATTENTION
c:\programdata\{2fbaa0bd-5645-5161-2fba-aa0bd56482f5}
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

FINALLY

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0
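
Added example (not part of Essexboy's post and not FRST's own code): a Python triage pass over FRST log text that pulls out the kinds of entries the fixlist above acts on, so a reviewer can see them without reading the whole log. The sample lines are copied from the log and fixlist in this thread; the category names and the rule set are assumptions of this example, and every hit is a review signal, not a verdict.

```python
import re
from collections import Counter

# Lines copied from the FRST log and fixlist posted in this thread.
SAMPLE_LOG = r"""
Task: C:\windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{2fbaa0bd-5645-5161-2fba-aa0bd56482f5}\welcome to karachi (2015) - 1cd - dvdscr-rip - hindi - x264 - mp3 - mafiaking - m2tv.exe <==== ATTENTION
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 11.11.11.1
Tcpip\..\Interfaces\{B1AEC9BF-4C00-4DBF-9C07-33EF5D03FAFC}: [NameServer] 122.160.237.201 202.56.230.7
CHR dev: Chrome dev build detected! <======= ATTENTION
==================== Services (Whitelisted) =================
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-10-30] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
R1 MpKsl26ef09a2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{40941B56-E4AA-43D3-974C-9381A5C35044}\MpKsl26ef09a2.sys [45352 2015-07-18] (Microsoft Corporation)
"""

# "==== Title ====" banners; a bare "=======" underline is not a section title.
SECTION_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+\s*$")
# FRST's own marker; the number of '=' signs varies between lines.
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION")
# Service/driver line ("R2 name; path [size date] (company)") tagged unsigned.
UNSIGNED_RE = re.compile(
    r"^[RSU]\d\s+(?P<name>[^;]+);\s*(?P<path>.+?)\s+"
    r"\[\d+ \d{4}-\d{2}-\d{2}\].*\[File not signed\]\s*$"
)
# An .exe sitting directly inside a GUID-named folder under ProgramData.
GUID_EXE_RE = re.compile(
    r"[a-z]:\\programdata\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
    r"\\[^\\]+\.exe",
    re.IGNORECASE,
)
# Statically configured resolvers; DHCP-assigned ones use [DhcpNameServer].
STATIC_DNS_RE = re.compile(r"\[NameServer\]\s+(?P<ips>[\d. ]+)$")


def triage(log_text):
    """Return a list of findings (dicts) for the lines worth a manual look."""
    findings = []
    section = "(no section)"

    def add(kind, detail):
        findings.append({"kind": kind, "section": section, "detail": detail})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if ATTENTION_RE.search(line):
            # Keep the entry text, drop the marker itself.
            add("attention", ATTENTION_RE.split(line)[0].strip())
        hit = GUID_EXE_RE.search(line)
        if hit:
            add("exe_in_guid_dir", hit.group(0))
        hit = UNSIGNED_RE.match(line)
        if hit:
            add("unsigned_service", {"name": hit.group("name").strip(),
                                     "path": hit.group("path")})
        hit = STATIC_DNS_RE.search(line)
        if hit:
            add("static_dns", hit.group("ips").split())
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(f["kind"] for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] ({f['section']}) {f['detail']}")
```

The Windows Defender driver line is included as a negative case: its path contains a GUID folder, but not directly under ProgramData and not an .exe, so it is not reported.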

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

