C:\Windows\system32\svchost.exe Won't Go Away!


Adnan Ali

New Member
Thread author
Jul 8, 2015
3
I have tried everything online to remove this annoying virus but it has promised me that it won't go away. At Windows startup I get about 2 notifications that Avast has blocked a URL:Mal and the URL ends in .dll. I have noticed that it now takes longer to start up and the computer is visibly slower. I tried all those steps in your guide but I still get these notifications.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • The instructions I give you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay for the repair.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

Adnan Ali

New Member
Thread author
Jul 8, 2015
3
Thanks a lot buddy, God bless you! I'm attaching what you asked for.

FRST.TXT:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by saqib (administrator) on AYAZKHAN on 08-07-2015 23:59:48
Running from C:\Users\saqib\Desktop
Loaded Profiles: saqib (Available Profiles: saqib)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2015-07-06] (Glarysoft Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-26] (Avast Software s.r.o.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={sea...coding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabia.msn.com/
BHO: No Name -> {42A2E106-9F41-8E9F-E7AB-67075AA7D48F} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-08] (Oracle Corporation)
BHO: No Name -> {8340A25F-E300-649A-7A6E-C7E91FD1F58D} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-01] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-08] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90375038-E941-49DD-8178-43220F756742}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\saqib\AppData\Roaming\Mozilla\Firefox\Profiles\z6owf91y.default-1430396752047
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\saqib\AppData\Roaming\Mozilla\Firefox\Profiles\z6owf91y.default-1430396752047\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-07]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\firefox@gingersoftware.2.0.0.57.com [2015-07-07]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-25]
FF HKLM\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.57.com] - C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.2.0.0.57.com

Chrome:
=======
CHR Profile: C:\Users\saqib\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-16]
CHR Extension: (No Name) - C:\Users\saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]
CHR HKLM\...\Chrome\Extension: [inegnfagbnbejipleibbpbgbkhgiihnk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [okmjgifhogfjpknifcepjjddbionenai] - No Path Or update_url value

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-26] (Avast Software s.r.o.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-26] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-26] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-26] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38472 2013-12-23] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-26] ()
R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-07-07] (Emsisoft GmbH)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2015-06-01] (Glarysoft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-07-08] ()
R3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 23:59 - 2015-07-09 00:00 - 00010093 _____ C:\Users\saqib\Desktop\FRST.txt
2015-07-08 23:53 - 2015-07-08 23:59 - 00000000 ____D C:\FRST
2015-07-08 23:52 - 2015-07-08 23:53 - 01636352 _____ (Farbar) C:\Users\saqib\Desktop\FRST.exe
2015-07-08 23:46 - 2015-07-08 23:57 - 00000224 _____ C:\Windows\setupact.log
2015-07-08 23:46 - 2015-07-08 23:46 - 00000000 _____ C:\Windows\setuperr.log
2015-07-08 17:49 - 2015-07-08 17:49 - 00991232 _____ C:\Users\saqib\Downloads\MicrosoftFixit50267.msi
2015-07-08 17:46 - 2015-07-08 17:46 - 05198336 _____ (AVAST Software) C:\Users\saqib\Downloads\aswMBR.exe
2015-07-08 02:36 - 2015-07-08 02:36 - 02351936 _____ (Kaspersky Lab) C:\Users\saqib\Downloads\kis15.0.1.415en_es_pt_fr_de_it_ru_6887.exe
2015-07-08 02:36 - 2015-07-08 02:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-07-08 02:34 - 2015-07-08 02:34 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\saqib\Downloads\rkill.exe
2015-07-08 02:29 - 2015-07-08 02:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\saqib\Downloads\tdsskiller.exe
2015-07-08 02:28 - 2015-07-08 02:28 - 00000748 _____ C:\Users\saqib\Downloads\Result.txt
2015-07-08 02:28 - 2015-07-08 02:28 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-08 02:28 - 2015-07-08 02:27 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-07-08 02:27 - 2015-07-08 02:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-08 02:26 - 2015-07-08 02:26 - 00892928 _____ (Farbar) C:\Users\saqib\Downloads\MiniToolBox.exe
2015-07-08 02:22 - 2015-07-08 02:22 - 00561248 _____ (Oracle Corporation) C:\Users\saqib\Downloads\jxpiinstall.exe
2015-07-08 02:13 - 2015-07-08 02:14 - 00000000 ____D C:\NPE
2015-07-08 02:12 - 2015-07-08 02:22 - 00000000 ____D C:\Users\saqib\AppData\Local\NPE
2015-07-08 02:12 - 2015-07-08 02:12 - 00000000 ____D C:\ProgramData\Norton
2015-07-08 02:11 - 2015-07-08 02:11 - 03088296 _____ (Symantec Corporation) C:\Users\saqib\Downloads\NPE.exe
2015-07-07 19:16 - 2015-07-08 17:45 - 00035992 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-07-07 18:16 - 2015-07-07 00:14 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
2015-07-07 18:03 - 2015-07-07 18:15 - 160079168 _____ C:\Users\saqib\Downloads\EmsisoftEmergencyKit.exe
2015-07-07 17:23 - 2015-07-07 18:00 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-07 17:23 - 2015-07-07 17:23 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-07 17:21 - 2015-07-07 17:22 - 18041416 _____ C:\Users\saqib\Downloads\RogueKiller.exe
2015-07-07 17:15 - 2015-07-07 17:15 - 00305558 _____ C:\Windows\system32\.crusader
2015-07-07 17:06 - 2015-07-07 17:16 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-07 17:04 - 2015-07-07 17:06 - 10113976 _____ (SurfRight B.V.) C:\Users\saqib\Downloads\HitmanPro.exe
2015-07-07 16:33 - 2015-07-07 17:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-07 16:33 - 2015-07-07 16:36 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\saqib\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-07 16:32 - 2015-07-07 16:33 - 00794598 _____ C:\Users\saqib\Downloads\ESETPoweliksCleaner.exe_20150707.163216.5768.log
2015-07-07 16:32 - 2015-07-07 16:32 - 00000022 _____ C:\Users\saqib\Downloads\ESETPoweliksCleaner.exe_20150707.163216.5768.zip
2015-07-07 16:31 - 2015-07-07 16:31 - 00224968 _____ (ESET) C:\Users\saqib\Downloads\ESETPoweliksCleaner.exe
2015-07-07 00:00 - 2015-07-07 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-06 23:59 - 2015-04-26 00:46 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-07-02 00:35 - 2015-07-02 00:35 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\saqib\Downloads\flashplayer18_ha_install.exe
2015-06-26 17:27 - 2015-07-07 17:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-26 17:27 - 2015-06-26 17:27 - 00001081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-26 17:27 - 2015-06-26 17:27 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-26 16:47 - 2015-06-26 16:48 - 00243408 _____ C:\Users\saqib\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-16 20:21 - 2015-06-26 17:46 - 00000000 ____D C:\Program Files\Google
2015-06-16 20:19 - 2015-06-16 20:19 - 00931408 _____ (Google Inc.) C:\Users\saqib\Downloads\ChromeSetup.exe
2015-06-10 16:48 - 2015-06-03 00:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 16:48 - 2015-05-27 19:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 16:48 - 2015-05-23 08:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 16:48 - 2015-05-23 08:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 16:48 - 2015-05-23 08:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 16:48 - 2015-05-23 08:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 16:48 - 2015-05-23 08:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 16:48 - 2015-05-23 08:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 16:48 - 2015-05-23 08:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 16:48 - 2015-05-23 08:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 16:48 - 2015-05-23 08:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 16:48 - 2015-05-23 08:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 16:48 - 2015-05-23 08:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 16:48 - 2015-05-23 08:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 16:48 - 2015-05-23 08:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 16:48 - 2015-05-23 08:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 16:48 - 2015-05-23 08:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 16:48 - 2015-05-23 08:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 16:48 - 2015-05-23 07:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 16:48 - 2015-05-23 07:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 16:48 - 2015-05-23 07:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 16:48 - 2015-05-23 07:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 16:48 - 2015-05-23 07:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 16:48 - 2015-05-23 07:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 16:48 - 2015-05-23 07:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 16:48 - 2015-05-23 07:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 16:48 - 2015-05-23 07:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 16:48 - 2015-05-23 07:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 16:48 - 2015-05-23 07:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 16:48 - 2015-05-23 07:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 16:48 - 2015-05-23 07:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 16:48 - 2015-05-23 07:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 16:45 - 2015-05-25 22:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 16:45 - 2015-04-11 08:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 16:44 - 2015-05-25 23:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-10 16:44 - 2015-05-25 23:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 16:44 - 2015-05-25 23:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 16:44 - 2015-05-25 23:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 16:44 - 2015-05-25 23:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 16:44 - 2015-05-25 23:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 16:44 - 2015-05-25 23:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 16:44 - 2015-05-25 23:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 16:44 - 2015-05-25 23:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 16:44 - 2015-05-25 23:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 16:44 - 2015-05-25 23:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 16:44 - 2015-05-25 23:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 16:44 - 2015-05-25 23:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 16:44 - 2015-05-25 23:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 16:44 - 2015-05-25 23:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 16:44 - 2015-05-25 22:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 16:44 - 2015-05-25 22:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 16:44 - 2015-05-25 22:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 16:44 - 2015-05-25 22:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 16:44 - 2015-05-25 21:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 16:44 - 2015-05-09 08:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 16:44 - 2015-05-09 08:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 16:44 - 2015-05-09 08:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 16:44 - 2015-05-09 08:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 16:44 - 2015-05-09 08:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 08:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 06:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 16:44 - 2015-05-09 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 16:44 - 2015-04-29 23:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 16:44 - 2015-04-29 23:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 16:44 - 2015-04-29 23:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 16:44 - 2015-04-29 23:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 16:44 - 2015-04-29 23:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 16:44 - 2015-04-24 22:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 23:59 - 2015-06-01 20:19 - 00000000 ____D C:\Program Files\Glary Utilities 5
2015-07-08 23:57 - 2009-07-14 09:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-08 23:56 - 2014-07-18 22:35 - 01563029 _____ C:\Windows\WindowsUpdate.log
2015-07-08 23:55 - 2009-07-14 09:34 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-08 23:55 - 2009-07-14 09:34 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-08 20:06 - 2013-07-09 14:38 - 00000000 ____D C:\Users\saqib\AppData\Roaming\uTorrent
2015-07-08 20:05 - 2013-06-25 19:20 - 00000000 ____D C:\Users\saqib\AppData\Roaming\vlc
2015-07-08 17:38 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\system32\NDF
2015-07-08 02:45 - 2013-06-25 18:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-08 02:41 - 2013-06-25 18:24 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-08 02:41 - 2013-06-25 18:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-08 02:39 - 2014-06-14 20:40 - 00000000 ____D C:\Users\saqib\AppData\Local\Adobe
2015-07-08 02:28 - 2014-08-08 18:05 - 00000000 ____D C:\ProgramData\Oracle
2015-07-08 02:27 - 2014-08-08 18:05 - 00000000 ____D C:\Program Files\Java
2015-07-07 19:14 - 2015-06-01 20:19 - 00001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-07-07 19:14 - 2015-06-01 20:19 - 00001002 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-07-07 17:01 - 2013-08-28 02:42 - 00000000 ____D C:\Windows\Minidump
2015-07-07 16:24 - 2015-05-12 21:32 - 00000000 ____D C:\ProgramData\71f65ae00001c98
2015-07-07 00:00 - 2014-11-13 23:32 - 00001963 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-06 23:56 - 2013-05-23 19:33 - 00000000 ____D C:\Users\saqib
2015-07-06 23:55 - 2015-04-04 15:45 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-06 23:55 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\system32\wfp
2015-07-06 23:55 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\registration
2015-07-06 18:27 - 2013-12-18 20:07 - 00000000 ____D C:\Users\saqib\Documents\BROCHURE
2015-06-30 23:21 - 2009-07-14 09:53 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-30 23:21 - 2009-07-14 09:53 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU(11).TXT
2015-06-26 23:49 - 2013-06-25 18:32 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-06-26 16:53 - 2013-06-25 17:56 - 00000000 ___RD C:\Program Files\Skype
2015-06-25 00:04 - 2014-12-21 01:20 - 00002664 _____ C:\Users\saqib\Documents\WNetWatcher.cfg
2015-06-23 13:27 - 2013-02-16 06:35 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-23 01:33 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\rescache
2015-06-17 21:20 - 2010-11-21 02:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-17 00:20 - 2014-11-22 21:41 - 00000000 __SHD C:\Users\saqib\AppData\Local\EmieBrowserModeList
2015-06-17 00:20 - 2014-04-29 22:09 - 00000000 __SHD C:\Users\saqib\AppData\Local\EmieUserList
2015-06-17 00:20 - 2014-04-29 22:09 - 00000000 __SHD C:\Users\saqib\AppData\Local\EmieSiteList
2015-06-16 20:26 - 2014-02-22 17:52 - 00000000 ____D C:\Users\saqib\AppData\Local\Google
2015-06-12 18:09 - 2009-07-14 09:33 - 04023288 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 00:59 - 2013-06-25 18:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 00:54 - 2013-07-24 16:02 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 00:47 - 2013-02-16 06:37 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 17:31 - 2013-06-27 15:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2014-10-07 19:14 - 2014-10-07 19:23 - 0000387 _____ () C:\Users\saqib\AppData\Roaming\burnaware.ini
2013-06-30 21:50 - 2013-06-30 21:50 - 0000000 _____ () C:\Users\saqib\AppData\Local\AtStart.txt
2014-10-07 19:15 - 2014-10-07 19:19 - 0000031 _____ () C:\Users\saqib\AppData\Local\burnaware.ini
2013-06-30 21:50 - 2013-06-30 21:50 - 0000000 _____ () C:\Users\saqib\AppData\Local\DSwitch.txt
2013-06-30 21:50 - 2013-06-30 21:50 - 0000000 _____ () C:\Users\saqib\AppData\Local\QSwitch.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-04 17:30

==================== End of log ============================

ADDITION.TXT:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by saqib at 2015-07-09 00:00:39
Running from C:\Users\saqib\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3127734163-2339110621-2366033482-500 - Administrator - Disabled)
Guest (S-1-5-21-3127734163-2339110621-2366033482-501 - Limited - Disabled)
saqib (S-1-5-21-3127734163-2339110621-2366033482-1000 - Administrator - Enabled) => C:\Users\saqib

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Glary Utilities PRO 5.29 (HKLM\...\Glary Utilities 5) (Version: 5.29.0.49 - Glarysoft Ltd)
HP Product Detection (HKLM\...\{ACAA0152-96A4-4D93-92F5-1B4728C3D984}) (Version: 11.15.0008 - HP)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

14-06-2015 21:03:37 Windows Update
15-06-2015 01:09:50 Windows Update
17-06-2015 02:11:58 Windows Update
18-06-2015 02:16:54 Windows Update
19-06-2015 03:00:16 Windows Update
20-06-2015 02:36:33 Windows Update
21-06-2015 02:36:52 Windows Update
22-06-2015 02:40:01 Windows Update
24-06-2015 00:34:55 Windows Update
26-06-2015 16:52:50 Removed Skype Click to Call
30-06-2015 23:50:04 Windows Update
02-07-2015 00:36:17 Windows Update
06-07-2015 23:53:25 Restore Operation
06-07-2015 23:56:57 avast! antivirus system restore point
07-07-2015 00:06:23 Windows Update
07-07-2015 17:14:33 Checkpoint by HitmanPro
07-07-2015 17:15:23 Checkpoint by HitmanPro
08-07-2015 02:18:42 Removed Java 7 Update 67
08-07-2015 02:21:39 Removed Java 8 Update 25
08-07-2015 17:50:15 Installed Microsoft Fix it 50267

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:04 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02191A06-12F6-41A8-AB79-9C4FABA3F787} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2015-07-06] (Glarysoft Ltd)
Task: {5B561A2F-1FD3-4937-BACB-821A052165D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)
Task: {917B2FE1-D56D-4309-BD99-04618D4E41BA} - System32\Tasks\Pointstone\System Cleaner\Startup Dialog => C:\Program Files\Pointstone\System Cleaner 7\Helper.exe
Task: {B5ABEBA3-F460-4DBE-9139-3A675AC46437} - System32\Tasks\GU5SkipUAC => C:\Program Files\Glary Utilities 5\Integrator.exe [2015-07-06] (Glarysoft Ltd)
Task: {DD253452-175B-4C32-A77C-292C84F671BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FD97FAEC-3FB3-4B5E-92BB-E2893B8D90FD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-07] (Avast Software s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-26 00:46 - 2015-04-26 00:46 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-26 00:46 - 2015-04-26 00:46 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-08 23:48 - 2015-07-08 23:48 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070801\algo.dll
2015-03-20 14:49 - 2015-03-20 14:49 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-06 11:27 - 2015-07-06 11:27 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
2015-07-08 02:41 - 2015-07-08 02:41 - 17321648 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\...\123simsen.com -> www.123simsen.com

There are 7864 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3127734163-2339110621-2366033482-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\saqib\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^saqib^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DriverMax_RESTART => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: Xvid => C:\Program Files\Xvid\CheckUpdate.exe
MSCONFIG\startupreg: YouCam Service =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4BD6CE0B-3BFB-496B-A93A-F6A2C34E7674}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B9682AF2-0D35-40B2-9259-66C448999FE4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D5E49B6D-EADA-47ED-AE34-126360B31C65}] => (Allow) C:\Users\saqib\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4412066A-F4E3-4168-BB0C-74EFE7E824C9}] => (Allow) C:\Users\saqib\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{542D57B5-B0F8-4ED1-8361-7ED99A1BF12F}C:\program files\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files\hp\common\hpdevicedetection3.exe
FirewallRules: [UDP Query User{DA934F7A-3A07-4C4B-97D1-3AE7A2F19EE3}C:\program files\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files\hp\common\hpdevicedetection3.exe
FirewallRules: [{EC60F9EF-C66D-413F-B005-E6A6105634D6}] => (Allow) C:\Users\saqib\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9C7DA871-D8EE-4ED4-8132-1A4B8D35D548}] => (Allow) C:\Users\saqib\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{BF916708-539E-41CD-880E-F33D0D49C25A}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{65362D4B-1164-4E69-89C3-D808A198CA55}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{B88DD637-232A-405A-A12D-2FA37BAD1975}C:\program files\easy-hide-ip\easy-hide-ip.exe] => (Allow) C:\program files\easy-hide-ip\easy-hide-ip.exe
FirewallRules: [UDP Query User{C6775861-D470-4EE4-8BB6-E1CEA8011701}C:\program files\easy-hide-ip\easy-hide-ip.exe] => (Allow) C:\program files\easy-hide-ip\easy-hide-ip.exe
FirewallRules: [TCP Query User{8DB8F5C5-EDD0-4070-AE25-9C807D87F556}C:\program files\easeus\easeus todo pctrans 6.5\bin\pctrans.exe] => (Allow) C:\program files\easeus\easeus todo pctrans 6.5\bin\pctrans.exe
FirewallRules: [UDP Query User{07C21D5B-01A2-4E5B-A2EC-A30019216A05}C:\program files\easeus\easeus todo pctrans 6.5\bin\pctrans.exe] => (Allow) C:\program files\easeus\easeus todo pctrans 6.5\bin\pctrans.exe
FirewallRules: [{D28C7963-A6CF-453F-A54A-7A5D5DF40E0C}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2065351D-FE05-45D5-AA77-664EA073017E}] => (Allow) LPort=2869
FirewallRules: [{A157EC37-DBDF-4B8B-BBE7-01F356B53BDC}] => (Allow) LPort=1900
FirewallRules: [{19741DFC-EA1D-4C14-BE03-ECE71D3E4B89}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CB6E9EFA-F972-4F5E-836D-9D89700E71E8}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{E3637441-02FB-4866-9126-8BAC0B5EB8BC}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{4803C2B2-85FB-4864-8578-5B34AF6D74CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D51C769D-91B8-4009-8CA5-3BF410E64663}] => (Allow) C:\Users\saqib\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D71E137B-98C8-4F52-BD71-BC8534A33E48}] => (Allow) C:\Users\saqib\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{27DAF6A8-931F-4A24-A5FC-BFCD4012932A}] => (Allow) C:\Users\saqib\AppData\Local\Temp\nsq631A.tmp\CnetInstaller-76169629.exe
FirewallRules: [{2E879079-25F5-4A2B-8AA7-5E05332A01D9}] => (Allow) C:\Users\saqib\AppData\Local\Temp\nsq631A.tmp\CnetInstaller-76169629.exe
FirewallRules: [{D26DEC58-E189-49D5-BC72-A7185E9DD3E0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{2F9903D5-06CE-426D-AFDB-78D7D3B25A88}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CF1EC71A-B851-4FF8-9242-D9F3B6BD5489}] => (Allow) C:\Users\saqib\AppData\Local\Temp\nsiB868.tmp\CnetInstaller-75021441.exe
FirewallRules: [{12768540-5D06-4B1F-A801-3D8AEA3BE712}] => (Allow) C:\Users\saqib\AppData\Local\Temp\nsiB868.tmp\CnetInstaller-75021441.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Galaxy Core2
Description: SM-G355H
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Samsung Electronics Co., Ltd.
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2015 11:58:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 11:55:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 5.7.2015.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b9c

Start Time: 01d0b9af64f3006a

Termination Time: 0

Application Path: C:\Users\saqib\Downloads\FRST.exe

Report Id:

Error: (07/08/2015 11:47:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 05:54:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 05:28:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 05:19:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 05:17:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 02:45:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 02:14:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 02:03:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/08/2015 11:57:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (07/08/2015 11:57:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:56:44 PM on ‎7/‎8/‎2015 was unexpected.

Error: (07/08/2015 11:47:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (07/08/2015 05:53:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (07/08/2015 05:28:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (07/08/2015 05:19:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (07/08/2015 05:17:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (07/08/2015 02:45:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (07/08/2015 02:13:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (07/08/2015 02:12:49 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office:
=========================
Error: (02/24/2015 11:41:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14855 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (07/01/2014 01:03:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 386 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz
Percentage of memory in use: 98%
Total physical RAM: 1976.27 MB
Available physical RAM: 37.68 MB
Total Virtual: 3952.53 MB
Available Virtual: 1887.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.73 GB) (Free:9.94 GB) NTFS
Drive d: () (Fixed) (Total:100.22 GB) (Free:39.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E6EDDA93)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)

==================== End of log ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with MGADiag

Need to check one more thing.
  • Please download MGADiag by Microsoft and save it to your desktop.
  • Double-click on the MGADiag icon to start the tool.
  • Press Continue when prompted.
  • When it has finished, press Copy.
  • Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Paste (Ctrl+V) this into notepad and save to your desktop.
Include that report in your reply.
 

Adnan Ali

New Member
Thread author
Jul 8, 2015
3
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-V9488-FGM44-2C9T3
Windows Product Key Hash: rmk1OjF0iZq7gQoRmEcpnJHr0oc=
Windows Product ID: 00426-OEM-8992662-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {4F4EF66D-3032-42CF-9B88-2454137326D9}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.150525-0603
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{4F4EF66D-3032-42CF-9B88-2454137326D9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2C9T3</PKey><PID>00426-OEM-8992662-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3127734163-2339110621-2366033482</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq 6530b (NA407UC#ABA)</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>68PDD Ver. F.20</Version><SMBIOSVersion major="2" minor="4"/><Date>20111207000000.000000+000</Date></BIOS><HWID>98323F07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pakistan Standard Time(GMT+05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65667</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600010-02-1033-7601.0000-1432013
Installation ID: 002611756312023525753400673072405804615732682703625825
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 2C9T3
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 09-Jul-15 1:16:36 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 5:24:2015 22:21
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAIAAAABAAAABAABAAEAJJTSFOjK9sd6f0o7ApOEm5y0qudrHMyOfslGyg==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM 30DD
FACP HPQOEM 30DD
HPET HPQOEM 30DD
MCFG HPQOEM 30DD
ASF! HPQOEM 30DD
TCPA HPQOEM 30DD
SSDT HPQOEM SataAhci
SLIC HPQOEM SLIC-MPC
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci
 