
Browsers not working and interfering with performance

Discussion in 'Virus & Other Malware Removal' started by krishanpatel, May 9, 2015.

  1. krishanpatel

    krishanpatel Thread Starter

    Joined:
    May 9, 2015
    Messages:
    10
    So I am using an HP Pavilion laptop running Windows 8.1. I use Google Chrome and recently every time I try to open Chrome I will be asked if I as administrator want to allow the program to make changes. If I click 'no' it will keep popping up until I click yes. But when I click yes Chrome does not open but it causes my entire desktop to go blue and causes trouble with opening programs such as VLC unless I shut down. I tried to reinstall Chrome and when I did that it opened but my settings had been changed to use a custom Google search engine (http://www.google.com/cse?cx=partne....link/#gsc.tab=0&gsc.q=test search&gsc.page=1) which I could not change because it was set by an administrator. After I closed Chrome it would go back to the original problem if I attempted to re-open it. I then decided to simply stop using Chrome, which is not preferable due to a lot of info saved in it, but when I attempted to use browsers such as Internet Explorer or Firefox, they all opened and functioned but they had the same issue of using a custom search engine and a set home page which I could not change (http://yourtv.link/).
    Please help!

    Thanks :)
     
  2. donetao

    donetao Banned

    Joined:
    Mar 17, 2015
    Messages:
    688

    Attached Files:

  3. krishanpatel

    krishanpatel Thread Starter

    Joined:
    May 9, 2015
    Messages:
    10
    Yeah, I change it but a few days later it changes back to the custom search engine.
     
  4. donetao

    donetao Banned

    Joined:
    Mar 17, 2015
    Messages:
    688
    What search engine does it change back to???
     
  5. krishanpatel

    krishanpatel Thread Starter

    Joined:
    May 9, 2015
    Messages:
    10
    It changes to a google custom search engine. This is the link for when I typed in "test search" : http://www.google.com/cse?cx=partner...rch&gsc.page=1


    It seems to have specific search parameters and when I tried to change it in Chrome it said "set by administrator" and wouldn't allow me to change it. And then Chrome would stop working when I closed it.
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,371
    First Name:
    Derek
    Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

    See the screenshot where the proper download buttons are highlighted
    [​IMG]

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run. It may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy and paste it into your next post.
    Please note: the newer versions of AdwCleaner have a pretty colour display on some versions of Windows and slightly different icons. The screenshots are from the older version but are basically the same.

    [​IMG]
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,371
    First Name:
    Derek
  8. krishanpatel

    krishanpatel Thread Starter

    Joined:
    May 9, 2015
    Messages:
    10
    I went through your steps and nothing appears to have changed and I am still having the same issues as before. Here are some images of what appears:
     

    Attached Files:

  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,371
    First Name:
    Derek
    Where is the AdwCleaner log report then?
    I can't even begin to see what is wrong without that.
     
  10. krishanpatel

    krishanpatel Thread Starter

    Joined:
    May 9, 2015
    Messages:
    10
    Here is the pop up after it restarted. To be honest I'm not really sure what it even means
     

    Attached Files:

  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,371
    First Name:
    Derek
    OK, let's see what this shows.
    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to download and run the 64-bit version.

    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  12. krishanpatel

    krishanpatel Thread Starter

    Joined:
    May 9, 2015
    Messages:
    10
    Not sure exactly what any of it means or how much of my personal information it shows but here are the two logs


    FRST
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
    Ran by Krishan (administrator) on KRISHANPC on 11-05-2015 20:56:52
    Running from C:\Users\Krishan\Desktop
    Loaded Profiles: Krishan (Available profiles: Krishan)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Fuji Xerox Co., Ltd.) C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    () C:\ProgramData\Unknown.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Fuji Xerox Co., Ltd.) C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
    (Fuji Xerox Co., Ltd.) C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    () C:\ProgramData\KRISHANPC\KRISHANPC.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (BitTorrent Inc.) C:\Users\Krishan\AppData\Roaming\uTorrent\uTorrent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
    (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


    ==================== Registry (Whitelisted) ==================



    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-23] (Realtek Semiconductor)
    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-29] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-29] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-29] (Hewlett-Packard)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated)
    HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-02] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [506680 2014-06-20] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [Launchercm215f] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe [2632192 2013-07-25] (Fuji Xerox Co., Ltd.)
    HKLM-x32\...\Run: [M255 RUN] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe [357888 2013-07-22] (Fuji Xerox Co., Ltd.)
    HKLM-x32\...\Run: [StatusAutoRunmm255] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe [4229632 2013-07-22] (Fuji Xerox Co., Ltd.)
    HKU\S-1-5-21-1692686636-1700478842-290694213-1001\...\Run: [KRISHANPC] => C:\ProgramData\Unknown.exe [7930259 2015-04-16] ()
    HKU\S-1-5-21-1692686636-1700478842-290694213-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation)
    HKU\S-1-5-21-1692686636-1700478842-290694213-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [571392 2013-08-22] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-08-27]
    ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
    Startup: C:\Users\Krishan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Krishan.exe [2015-04-16] ()
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL14/14
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL14/14
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL14/14
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/HPALL14/14
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL14/14
    HKU\S-1-5-21-1692686636-1700478842-290694213-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yourtv.link
    HKU\S-1-5-21-1692686636-1700478842-290694213-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL14/14
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1692686636-1700478842-290694213-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
    SearchScopes: HKU\S-1-5-21-1692686636-1700478842-290694213-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partne...={searchTerms}&sa=Search&siteurl=yourtv.link/
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-05] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    FireFox:
    ========
    FF ProfilePath: C:\Users\Krishan\AppData\Roaming\Mozilla\Firefox\Profiles\2f24uua4.default
    FF Homepage: hxxp://yourtv.link
    FF SelectedSearchEngine: Google
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-11] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-11] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-18] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-10] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    Chrome:
    =======
    CHR HomePage: Default -> hxxp://sanger.dk/
    CHR StartupUrls: Default -> "", "https://www.facebook.com/", "hxxp://news.google.com.au/", "hxxp://gabrielecirulli.github.io/2048/"
    CHR Profile: C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Magic Actions for YouTube™) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-03-23]
    CHR Extension: (Google Drive) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
    CHR Extension: (YouTube) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
    CHR Extension: (Google Search) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
    CHR Extension: (Google Calendar) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-01-17]
    CHR Extension: (Readium) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-01-17]
    CHR Extension: (Simple Window Saver) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfmklldfnlcblofkhdeoohfppdoejdc [2015-01-17]
    CHR Extension: (AdBlock) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-17]
    CHR Extension: (Bookmark Manager) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-04]
    CHR Extension: (Water's Valley) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhpodmbdlgmgffpgbennemfkjhhaocfl [2015-05-04]
    CHR Extension: (Google Wallet) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
    CHR Extension: (Click&Clean App) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-03-23]
    CHR Extension: (SpeakIt!) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2015-04-27]
    CHR Extension: (Gmail) - C:\Users\Krishan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-05] ()
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
    R2 FXNADB; C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [148480 2013-07-22] (Fuji Xerox Co., Ltd.) [File not signed]
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-25] (WildTangent)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-04] (Hewlett-Packard Company) [File not signed]
    R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [475960 2014-06-20] (Hewlett-Packard Development Company, L.P.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-09] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-15] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-11] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-05] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-11] (Intel Corporation)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-29] (Softex Inc.) [File not signed]
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-03] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
    S3 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-13] (CyberLink)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-14] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-14] ()
    R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-14] ()
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-14] ()
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation)
    R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [573144 2014-06-18] (Realtek Semiconductor Corporation)
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-22] (Realsil Semiconductor Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3463896 2014-06-21] (Realtek Semiconductor Corporation )
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.)
    S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
    U3 McMPFSvc; No ImagePath
    U3 McNaiAnn; No ImagePath
    U3 mcpltsvc; No ImagePath
    U3 McProxy; No ImagePath
    U3 mfecore; No ImagePath
    U3 MSK80Service; No ImagePath
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-05-11 20:56 - 2015-05-11 20:57 - 00022861 _____ () C:\Users\Krishan\Desktop\FRST.txt
    2015-05-11 20:56 - 2015-05-11 20:56 - 00000000 ____D () C:\FRST
    2015-05-11 20:55 - 2015-05-11 20:56 - 02102784 _____ (Farbar) C:\Users\Krishan\Desktop\FRST64.exe
    2015-05-10 18:03 - 2015-05-11 20:08 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-10 18:03 - 2015-05-11 18:08 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-10 18:03 - 2015-05-10 18:11 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-05-10 18:03 - 2015-05-10 18:03 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-10 18:03 - 2015-05-10 18:03 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-10 18:03 - 2015-05-10 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-05-10 17:59 - 2015-05-11 06:41 - 00000000 ____D () C:\AdwCleaner
    2015-05-04 16:52 - 2015-05-10 18:06 - 00000258 __RSH () C:\Users\Krishan\ntuser.pol
    2015-05-04 16:51 - 2015-05-10 18:06 - 00000000 __SHD () C:\ProgramData\Google
    2015-05-04 16:51 - 2015-05-04 16:51 - 00000000 __SHD () C:\ProgramData\Unknown
    2015-04-17 14:27 - 2015-04-17 14:27 - 00000000 ____D () C:\Users\Krishan\AppData\Roaming\WinRAR
    2015-04-17 14:27 - 2015-04-17 14:27 - 00000000 ____D () C:\Program Files\WinRAR
    2015-04-16 11:38 - 2015-04-16 11:38 - 00000000 __SHD () C:\ProgramData\KRISHANPC
    2015-04-16 11:38 - 2015-04-16 11:35 - 07930259 ___SH () C:\ProgramData\Unknown.exe
    2015-04-16 10:04 - 2015-05-10 11:51 - 00000000 ____D () C:\Users\Krishan\Desktop\Term 2 2015
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-05-11 20:54 - 2015-01-17 17:54 - 00000000 ____D () C:\Users\Krishan\AppData\Roaming\uTorrent
    2015-05-11 20:04 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-05-11 18:51 - 2015-01-18 12:15 - 00000000 ____D () C:\Users\Krishan\AppData\Roaming\vlc
    2015-05-11 18:50 - 2015-01-17 17:10 - 00000000 ____D () C:\Users\Krishan\AppData\Local\CrashDumps
    2015-05-11 17:49 - 2015-01-18 10:09 - 00004986 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KrishanPC-Krishan KrishanPC
    2015-05-11 16:48 - 2015-01-17 17:22 - 00000000 ____D () C:\Users\Krishan\OneDrive
    2015-05-11 12:59 - 2015-01-17 08:53 - 00000000 ____D () C:\Users\Krishan\Desktop\HSC
    2015-05-11 12:37 - 2015-01-17 17:04 - 01491762 _____ () C:\Windows\WindowsUpdate.log
    2015-05-11 11:27 - 2015-01-18 09:48 - 00000000 ____D () C:\Users\Krishan\Desktop\torrents
    2015-05-11 11:22 - 2015-01-19 08:30 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-05-11 07:05 - 2015-01-17 18:08 - 00663040 ___SH () C:\Users\Krishan\Desktop\Thumbs.db
    2015-05-11 06:46 - 2014-03-18 19:53 - 00958356 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-11 06:42 - 2013-08-23 00:46 - 00045568 _____ () C:\Windows\setupact.log
    2015-05-11 06:42 - 2013-08-23 00:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-11 06:41 - 2013-08-22 23:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2015-05-10 18:20 - 2015-01-17 17:27 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692686636-1700478842-290694213-1001
    2015-05-10 18:08 - 2014-03-18 19:44 - 00324798 _____ () C:\Windows\PFRO.log
    2015-05-10 18:06 - 2015-01-17 17:09 - 00000000 ____D () C:\Users\Krishan
    2015-05-10 18:03 - 2015-01-17 17:45 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-05-09 16:17 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-05-07 20:42 - 2015-01-17 17:10 - 00000000 ____D () C:\Users\Krishan\AppData\Local\Packages
    2015-05-06 21:12 - 2015-01-18 10:04 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-05-05 18:53 - 2015-01-19 16:42 - 00027648 ___SH () C:\Users\Krishan\Downloads\Thumbs.db
    2015-05-05 18:53 - 2015-01-17 08:53 - 00000000 ____D () C:\Users\Krishan\Desktop\Work
    2015-05-04 21:15 - 2015-01-17 17:45 - 00000000 ____D () C:\Users\Krishan\AppData\Local\Deployment
    2015-05-04 16:52 - 2013-08-23 01:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-05-04 16:52 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
    2015-04-29 23:09 - 2015-01-17 18:02 - 00000000 ____D () C:\Users\Krishan\AppData\Roaming\Skype
    2015-04-20 06:52 - 2015-01-17 18:08 - 00000000 ____D () C:\Users\Krishan\Desktop\useful
    ==================== Files in the root of some directories =======
    2015-04-16 11:38 - 2015-04-16 11:35 - 7930259 ___SH () C:\ProgramData\Unknown.exe
    Files to move or delete:
    ====================
    C:\ProgramData\Unknown.exe

    Some content of TEMP:
    ====================
    C:\Users\Krishan\AppData\Local\Temp\Quarantine.exe
    C:\Users\Krishan\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-05-09 10:39
    ==================== End Of Log ============================
    Addition
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
    Ran by Krishan at 2015-05-11 20:57:33
    Running from C:\Users\Krishan\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================



    Administrator (S-1-5-21-1692686636-1700478842-290694213-500 - Administrator - Disabled)
    Guest (S-1-5-21-1692686636-1700478842-290694213-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1692686636-1700478842-290694213-1003 - Limited - Enabled)
    Krishan (S-1-5-21-1692686636-1700478842-290694213-1001 - Administrator - Enabled) => C:\Users\Krishan
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    µTorrent (HKU\S-1-5-21-1692686636-1700478842-290694213-1001\...\uTorrent) (Version: 3.4.2.37951 - BitTorrent Inc.)
    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Back4Win (HKLM-x32\...\Back4Win_is1) (Version: 5.0.0.4 - )
    Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
    CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version: - cbrreader.com)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.)
    Cyberlink PhotoDirector (Version: 5.0.1.5406 - CyberLink Corp.) Hidden
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3121 - CyberLink Corp.)
    CyberLink PowerDirector 12 (Version: 12.0.1.3121 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
    Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    DocuPrint CM215 f_fw (HKLM-x32\...\InstallShield_{87EC497F-070F-4A55-84FC-0E53CDD48C90}) (Version: 1.015.00 - Fuji Xerox)
    DocuPrint CM215 f_fw (x32 Version: 1.015.00 - Fuji Xerox) Hidden
    Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
    Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
    Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
    Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
    HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{E20B0C89-ACCF-4EBB-909D-2E5BD4A9C024}) (Version: 1.1.11 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
    Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
    LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1692686636-1700478842-290694213-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
    Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
    REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.17 - REALTEK Semiconductor Corp.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.33 - REALTEK Semiconductor Corp.)
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)
    Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-1692686636-1700478842-290694213-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-1692686636-1700478842-290694213-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Krishan\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
    ==================== Restore Points =========================
    20-04-2015 18:34:42 Scheduled Checkpoint
    02-05-2015 08:41:02 Scheduled Checkpoint
    09-05-2015 12:40:16 Scheduled Checkpoint
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {143573EE-F5F7-4C9F-BC8A-F2A33B0443BA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KrishanPC-Krishan KrishanPC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
    Task: {45AD96DF-37D2-4E5F-9A2F-064A02EE0DBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
    Task: {65753BD0-C98B-40E3-BFB7-4639551FE674} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
    Task: {79F37B03-8303-4701-804A-52DC1C65D8B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {7EA69BDE-6B99-4209-976A-AFF2A388F0F6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe
    Task: {919368BE-543A-4A2E-93DF-ACAAF63A3258} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {980B9E3F-BCD4-4DF4-8E25-605810C4E76F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1692686636-1700478842-290694213-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
    Task: {98B0AD0A-416D-4790-9918-786271354DF4} - System32\Tasks\Microsoft\Windows\WCM\Provisioning\Purge.S-1-5-21-1692686636-1700478842-290694213-1001
    Task: {B1ABE2A4-38E2-4E34-AC02-6719DE24B6BE} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-20] (Hewlett-Packard Development Company, L.P.)
    Task: {B9E24B30-58DE-4154-AFD5-8AB8732F5880} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
    Task: {E30979AC-7BAD-4F41-BDC7-73A1101EAF37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
    Task: {EC6FE0F1-CD39-445B-AFAB-1639BCC1919D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {ED09D507-9098-44BC-96E6-7D0E77820E77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-13] (Hewlett-Packard Company)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) ==============
    2014-03-29 06:31 - 2014-03-29 06:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2014-03-29 06:27 - 2014-03-29 06:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2014-03-29 06:27 - 2014-03-29 06:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2014-03-29 06:27 - 2014-03-29 06:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2014-03-29 06:48 - 2014-03-29 06:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2014-03-29 06:48 - 2014-03-29 06:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2015-02-08 17:29 - 2013-05-17 09:46 - 13222912 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\fxthm3aRC.DLL
    2014-08-27 21:06 - 2014-07-05 04:24 - 00094936 ____N () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
    2015-01-18 10:04 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-12-05 01:44 - 2013-12-05 01:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-12-05 01:44 - 2013-12-05 01:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-12-05 01:44 - 2013-12-05 01:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
    2014-08-27 21:34 - 2014-04-15 11:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2015-03-18 12:24 - 2015-01-28 01:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-03-29 06:36 - 2014-03-29 06:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2015-04-16 11:38 - 2015-04-16 11:35 - 07930259 ___SH () C:\ProgramData\Unknown.exe
    2015-04-16 11:38 - 2015-04-14 21:27 - 05067789 ___SH () C:\ProgramData\KRISHANPC\KRISHANPC.exe
    2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-08-27 20:56 - 2013-12-11 01:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-01-18 12:16 - 2015-01-18 12:16 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\Users\Krishan\OneDrive:ms-properties
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    ==================== EXE Association (whitelisted) ===============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1692686636-1700478842-290694213-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Krishan\Desktop\screensaver\n.jpg
    DNS Servers: 192.168.1.1
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)
    HKLM\...\StartupApproved\Run32: => "Launchercm215f"
    ==================== FirewallRules (whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    FirewallRules: [TCP Query User{E0CB270D-E47F-47CC-A11D-434843311AC7}C:\users\krishan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\krishan\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{359FBD1F-C4E8-4D8A-944D-5B452E618143}C:\users\krishan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\krishan\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [TCP Query User{B1F2CD12-5AC5-4C0D-B9B5-6A4E9F3232B6}C:\users\krishan\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\krishan\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{17BEDCCC-90E5-4EBF-94F9-C2CA58D3517C}C:\users\krishan\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\krishan\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [TCP Query User{88C2BD84-0A9D-4CA2-B42B-E47DB3774EB5}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{4138AB6D-DAD4-4F4A-89B3-118AC968E471}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{467A6215-7597-49BB-89F7-A71D07949920}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (05/11/2015 06:50:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: OPBHOBrokerDsktop.exe, version: 8.0.1.11, time stamp: 0x5335c3d5
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0000000000000000
    Faulting process id: 0x2bc4
    Faulting application start time: 0xOPBHOBrokerDsktop.exe0
    Faulting application path: OPBHOBrokerDsktop.exe1
    Faulting module path: OPBHOBrokerDsktop.exe2
    Report Id: OPBHOBrokerDsktop.exe3
    Faulting package full name: OPBHOBrokerDsktop.exe4
    Faulting package-relative application ID: OPBHOBrokerDsktop.exe5
    Error: (05/11/2015 05:50:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
    Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
    Exception code: 0xc0000005
    Fault offset: 0x000750d8
    Faulting process id: 0xa64
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5
    Error: (05/11/2015 05:23:57 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
    Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (05/11/2015 05:23:57 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
    Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (05/11/2015 05:23:07 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
    Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (05/11/2015 05:23:07 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
    Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (05/11/2015 05:14:57 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
    Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (05/11/2015 05:14:57 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
    Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (05/11/2015 06:45:06 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: igfxTray.exe, version: 6.15.10.3574, time stamp: 0x535821b3
    Faulting module name: combase.dll, version: 6.3.9600.17031, time stamp: 0x53087867
    Exception code: 0xc0000005
    Fault offset: 0x0000000000005fc4
    Faulting process id: 0x7d8
    Faulting application start time: 0xigfxTray.exe0
    Faulting application path: igfxTray.exe1
    Faulting module path: igfxTray.exe2
    Report Id: igfxTray.exe3
    Faulting package full name: igfxTray.exe4
    Faulting package-relative application ID: igfxTray.exe5
    Error: (05/10/2015 06:09:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: igfxTray.exe, version: 6.15.10.3574, time stamp: 0x535821b3
    Faulting module name: combase.dll, version: 6.3.9600.17031, time stamp: 0x53087867
    Exception code: 0xc0000005
    Fault offset: 0x0000000000005fc4
    Faulting process id: 0xe78
    Faulting application start time: 0xigfxTray.exe0
    Faulting application path: igfxTray.exe1
    Faulting module path: igfxTray.exe2
    Report Id: igfxTray.exe3
    Faulting package full name: igfxTray.exe4
    Faulting package-relative application ID: igfxTray.exe5

    System errors:
    =============
    Error: (05/11/2015 07:37:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
    Error: (05/11/2015 06:00:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
    Error: (05/11/2015 07:14:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
    Error: (05/11/2015 07:00:19 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
    Error: (05/11/2015 06:41:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error: (05/11/2015 06:41:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error: (05/11/2015 06:41:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error: (05/11/2015 06:41:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).
    Error: (05/11/2015 06:41:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    Error: (05/11/2015 06:41:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Microsoft Office Sessions:
    =========================
    Error: (05/11/2015 06:50:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: OPBHOBrokerDsktop.exe8.0.1.115335c3d5unknown0.0.0.000000000c000000500000000000000002bc401d08bb684bbf2a7C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exeunknownb7e54cf0-f7ba-11e4-8272-3863bb9d3292
    Error: (05/11/2015 05:50:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.174165452eed9MSHTML.dll11.0.9600.17496546ff2f9c0000005000750d8a6401d08bb767963106C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MSHTML.dll66c8aa30-f7b2-11e4-8272-3863bb9d3292
    Error: (05/11/2015 05:23:57 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector\Kernel\CES\CES_CacheAgent.exe.Manifest
    Error: (05/11/2015 05:23:57 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest
    Error: (05/11/2015 05:23:07 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector\Kernel\CES\CES_CacheAgent.exe.Manifest
    Error: (05/11/2015 05:23:07 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest
    Error: (05/11/2015 05:14:57 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector\Kernel\CES\CES_CacheAgent.exe.Manifest
    Error: (05/11/2015 05:14:57 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest
    Error: (05/11/2015 06:45:06 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: igfxTray.exe6.15.10.3574535821b3combase.dll6.3.9600.1703153087867c00000050000000000005fc47d801d08b6230126faaC:\Windows\system32\igfxTray.exeC:\Windows\SYSTEM32\combase.dll6ff8d9a1-f755-11e4-8272-3863bb9d3292
    Error: (05/10/2015 06:09:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: igfxTray.exe6.15.10.3574535821b3combase.dll6.3.9600.1703153087867c00000050000000000005fc4e7801d08af8a2b3f1b1C:\Windows\system32\igfxTray.exeC:\Windows\SYSTEM32\combase.dlle24ca961-f6eb-11e4-8271-3863bb9d3292

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
    Percentage of memory in use: 30%
    Total physical RAM: 8122.15 MB
    Available physical RAM: 5632.76 MB
    Total Pagefile: 9402.15 MB
    Available Pagefile: 6764.72 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.79 MB
    ==================== Drives ================================
    Drive c: (Windows) (Fixed) (Total:908.35 GB) (Free:828.79 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:22.14 GB) (Free:2.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: C6576513)
    Partition: GPT Partition Type.
    ==================== End Of Log ============================
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,371
    First Name:
    Derek
    Download attached fixlist.txt file and save it to your downloads folder.

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  14. krishanpatel

    krishanpatel Thread Starter

    Joined:
    May 9, 2015
    Messages:
    10
    OK, I have completed it. So far Internet Explorer seems to be rid of all issues, and Chrome has opened, so I am cautiously optimistic because this has happened previous times and then reverted back to the issue. However, on Chrome I am still stuck with the custom search engine and it will still not allow me to change it even though I am the administrator, or I would assume so.


    Here is the log:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
    Ran by Krishan at 2015-05-12 07:00:54 Run:1
    Running from C:\Users\Krishan\Desktop\New folder (2)
    Loaded Profiles: Krishan (Available profiles: Krishan)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKU\S-1-5-21-1692686636-1700478842-290694213-1001\...\Run: [KRISHANPC] => C:\ProgramData\Unknown.exe [7930259 2015-04-16] ()
    Startup: C:\Users\Krishan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Krishan.exe [2015-04-16] ()
    HKU\S-1-5-21-1692686636-1700478842-290694213-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yourtv.link
    SearchScopes: HKU\S-1-5-21-1692686636-1700478842-290694213-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner...yourtv.link%2F
    SearchScopes: HKU\S-1-5-21-1692686636-1700478842-290694213-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner...yourtv.link/
    FF Homepage: hxxp://yourtv.link
    2015-04-16 11:38 - 2015-04-16 11:35 - 07930259 ___SH () C:\ProgramData\Unknown.exe
    2015-04-16 11:38 - 2015-04-14 21:27 - 05067789 ___SH () C:\ProgramData\KRISHANPC\KRISHANPC.exe
    EmptyTemp:

    *****************
    HKU\S-1-5-21-1692686636-1700478842-290694213-1001\Software\Microsoft\Windows\CurrentVersion\Run\\KRISHANPC => value deleted successfully.
    C:\Users\Krishan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Krishan.exe => Moved successfully.
    HKU\S-1-5-21-1692686636-1700478842-290694213-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKU\S-1-5-21-1692686636-1700478842-290694213-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-1692686636-1700478842-290694213-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    Firefox homepage deleted successfully.
    C:\ProgramData\Unknown.exe => Moved successfully.
    C:\ProgramData\KRISHANPC\KRISHANPC.exe => Moved successfully.
    EmptyTemp: => Removed 5.9 GB temporary data.

    The system needed a reboot.
    ==== End of Fixlog 07:01:27 ====
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,371
    First Name:
    Derek

Short URL to this thread: https://techguy.org/1147988
