High ram usage and cpu.


piped21

Thread Starter
Joined
Sep 21, 2014
Messages
71
Need help. I have a lot of free space but still got high CPU and RAM usage. And my Microsoft won't work.

OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 3892 Mb
Graphics Card: Intel(R) HD Graphics, 1722 Mb
 

LiquidTension

Malware Specialist
Joined
May 28, 2014
Messages
553
Hi piped21,

Let's deal with the high memory usage/slowness now, and address other issues afterwards.
Please do the following.

Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
 

piped21

Thread Starter
Joined
Sep 21, 2014
Messages
71
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by user (administrator) on USER-PC on 08-02-2015 23:13:34
Running from C:\Users\user\Desktop\WILFRED'S FOLDER\1HINDI ITO MOVIES APLLICATIONS 2\HIGH CPU USAGE\2
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Desura Net Pty Ltd) C:\Program Files (x86)\Desura\desura.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\ProgramData\{fde390e2-0b63-4adf-fde3-390e20b64388}\E206E.exe
() C:\ProgramData\{f801907e-2449-590d-f801-1907e24441f8}\Rurouni Kenshin_ The Legend Ends English Subtitles.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\Reverse Page\updateReversePage.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Desura Net Pty Ltd) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13286472 2013-02-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [3493720 2011-07-04] (AVAST Software)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1938840 2015-01-15] (APN)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9974576 2014-10-24] ()
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [SPDriver] => .\JSDriver\1.36.1.172\jsdrv.exe
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-07] (Google Inc.)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2679392 2015-02-07] (Desura Net Pty Ltd)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [1734992 2015-01-30] (BitTorrent Inc.)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\CurrentVersion\Windows: [Load] C:\Users\user\LOCALS~1\Temp\ccqyiveav.pif <===== ATTENTION
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\MountPoints2: {5857ff80-c44b-11e3-ad8f-f04da25bb0a2} - F:\AutoRun.exe
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\MountPoints2: {5857ff8e-c44b-11e3-ad8f-f04da25bb0a2} - G:\AutoRun.exe
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\MountPoints2: {6dfd117f-c4ab-11e3-94c9-f04da25bb0a2} - F:\AutoRun.exe
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\MountPoints2: {ac9b4095-329f-11e4-89b3-f04da25bb0a2} - G:\HTC_Sync_Manager_PC.exe
IFEO\mypc backup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\softinfo.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E206E.lnk
ShortcutTarget: E206E.lnk -> C:\ProgramData\{fde390e2-0b63-4adf-fde3-390e20b64388}\E206E.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rurouni Kenshin_ The Legend Ends English Subtitles.lnk
ShortcutTarget: Rurouni Kenshin_ The Legend Ends English Subtitles.lnk -> C:\ProgramData\{f801907e-2449-590d-f801-1907e24441f8}\Rurouni Kenshin_ The Legend Ends English Subtitles.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56508;https=127.0.0.1:56508
ProxyServer: [S-1-5-21-3376662306-939230167-2911087751-1000] => http=127.0.0.1:56508;https=127.0.0.1:56508
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type...ld&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type...ld&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type...ld&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420642054&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type...ld&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420642054&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
SearchScopes: HKU\S-1-5-21-3376662306-939230167-2911087751-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
SearchScopes: HKU\S-1-5-21-3376662306-939230167-2911087751-1000 -> 446AA38E1FFC4AE99A0CBDEE511494A2 URL = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=1523565605625643814&crg=&ppd=search,46968492601,skype+download,e,,c,Skype,,,www.fileparade.com&st=23&i=48&did=10844
SearchScopes: HKU\S-1-5-21-3376662306-939230167-2911087751-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420642054&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3376662306-939230167-2911087751-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
BHO: iWebar -> {11111111-1111-1111-1111-110311551110} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: uNisAaleus -> {159c7a36-1d4d-49f6-8df2-128a7a10a7ff} -> C:\Program Files (x86)\uNisAaleus\UfpV1DgPRvK3WE.x64.dll ()
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Ask Toolbar -> {5347542D-5637-006A-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport_x64.dll" No File
BHO: No Name -> {56444A2D-5637-006A-76A7-7A786E7484D7} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: saafeweb -> {B858C2C3-C588-9BC5-E2CF-7D7FCB8A4B60} -> C:\Program Files (x86)\saafeweb\_IQH9gPZ.x64.dll No File
BHO-x32: uNisAaleus -> {159c7a36-1d4d-49f6-8df2-128a7a10a7ff} -> C:\Program Files (x86)\uNisAaleus\UfpV1DgPRvK3WE.dll ()
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: No Name -> {5347542D-5637-006A-76A7-7A786E7484D7} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Reverse Page 1.0.0.6 -> {83dc36e5-db3f-461a-8fbc-245e44000b1f} -> C:\Program Files (x86)\Reverse Page\ReversePagebho.dll (Reverse Page)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {5347542D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport_x64.dll" No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {5347542D-5637-006A-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-3376662306-939230167-2911087751-1000 -> Ask Toolbar - {5347542D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport_x64.dll" No File
Toolbar: HKU\S-1-5-21-3376662306-939230167-2911087751-1000 -> No Name - {56444A2D-5637-006A-76A7-7A786E7484D7} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type...ld&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default
FF NewTab: hxxp://isearch.omiga-plus.com/newtab/?type=nt&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
FF Homepage: hxxp://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH&l=1&q=
FF DefaultSearchUrl: hxxp://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3376662306-939230167-2911087751-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3376662306-939230167-2911087751-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\user.js
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\searchplugins\WebSearch.xml
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\Extensions\[email protected] [2014-09-26]
FF Extension: Fast Start - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\Extensions\[email protected] [2015-01-07]
FF Extension: {{EXT_NAME}} - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\Extensions\{12b6fdcd-4423-4276-82a3-73fdbff5f7e4} [2014-10-03]
FF Extension: Reverse Page 1.0.1 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\Extensions\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}.xpi [2015-01-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\extensions\[email protected]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\extensions\[email protected]2d1973314.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1396871762&from=amt&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1396871762&from=amt&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB", "hxxp://www.search.ask.com/?tpid=SGT-V7&o=APN11004&pf=V7&trgb=CR&p2=%5EB3Q%5EYYYYYY%5EYY%5EPH&gct=hp&apn_ptnrs=%5EB3Q&apn_dtid=%5EYYYYYY%5EYY%5EPH&apn_dbr=ie_8.0.7601.17514&apn_uid=DC98714B-9F42-4FC8-8E39-A9F00684B9C9&itbv=12.10.6.5030&doi=2014-04-16&psv=", "hxxp://mysearch.sweetpacks.com/?barid=1523565605625643814&src=10&&st=23&i=48&did=10844", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1420641920&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420642054&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB"
CHR DefaultSearchKeyword: Default -> mysearch.sweetpacks.com
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaailpifkkekipiachodfkfmgmiapmp [2014-04-16]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-07]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (FilmFanatic) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg [2014-09-07]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]
CHR Extension: (Elite Unzip) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2014-10-25]
CHR Extension: (avast! WebRep) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2015-01-30]
CHR Extension: (safewweeb) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkgadipkgbabgfgaaifkcligmadkenmm [2014-04-07]
CHR Extension: (Undeaddies) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni [2014-11-25]
CHR Extension: (Flash Player) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbefghbdbnbbmkpoeigjealdphmdkbhh [2014-05-01]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
CHR Extension: (Pink My Facebook) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\okcdpfndmnjdijikpehblfeancekjcgo [2015-02-06]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]
CHR Extension: (League of Legends) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnebjcbjacbfiiohelmhennfcajmpala [2014-09-13]
CHR HKLM\...\Chrome\Extension: [aaaailpifkkekipiachodfkfmgmiapmp] - C:\ProgramData\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaailpifkkekipiachodfkfmgmiapmp] - C:\ProgramData\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [emifpdknblofhkmfakapfbpmopnmcdmo] - C:\Program Files (x86)\SuddenlyMusic_93 Chrome Extension\bar\[email protected] [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 47d6400d; c:\Program Files (x86)\LighterEdit\LighterEdit.dll [1538560 2015-02-06] () [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2014-09-04] () [File not signed]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-15] (APN LLC.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [42184 2011-07-04] (AVAST Software)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-26] (Just Develop It) <==== ATTENTION
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5132656 2013-11-21] (INCA Internet Co., Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
R2 Update Reverse Page; C:\Program Files (x86)\Reverse Page\updateReversePage.exe [529144 2015-01-07] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22360 2011-07-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [64856 2011-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-07-04] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [600920 2011-07-04] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [288088 2011-07-04] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [45400 2011-07-04] (AVAST Software)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [113792 2009-06-22] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-02-04] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-04] (Qualcomm Atheros Co., Ltd.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1047144 2011-09-07] (Realtek Semiconductor Corporation )
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S2 SPDRIVER_1.36.1.172; .\JSDriver\1.36.1.172\jsdrv.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 21:44 - 2015-02-07 21:44 - 00001264 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk
2015-02-07 21:44 - 2015-02-07 21:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-06 14:22 - 2015-02-06 14:23 - 00000000 ____D () C:\Users\user\Downloads\Sonic Journeys - Rock Doc Collection
2015-02-06 14:17 - 2015-02-06 14:17 - 00000000 ____D () C:\Users\user\AppData\Roaming\EZDownloader
2015-02-06 14:07 - 2015-02-06 14:07 - 00000000 ____D () C:\Windows\SysWOW64\X86
2015-02-06 14:07 - 2015-02-06 14:07 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-02-06 14:07 - 2015-02-06 14:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-02-06 14:07 - 2015-02-06 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
2015-02-06 14:06 - 2015-02-07 14:59 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-02-06 14:06 - 2015-02-06 14:06 - 00000000 ____D () C:\Program Files (x86)\LighterEdit
2015-02-06 14:04 - 2015-02-06 14:04 - 00000000 ____D () C:\Program Files (x86)\uNisAaleus
2015-02-06 14:04 - 2015-02-06 14:04 - 00000000 ____D () C:\Program Files (x86)\Pink My Facebook
2015-02-06 14:03 - 2015-02-06 14:21 - 00000000 ____D () C:\ProgramData\{fde390e2-0b63-4adf-fde3-390e20b64388}
2015-02-06 14:03 - 2015-02-06 14:03 - 00000000 ____D () C:\ProgramData\odgpinfbhdmpmcldjpdlmcabapdebing
2015-02-06 13:58 - 2015-02-06 13:58 - 00000000 ____D () C:\ProgramData\niiagodioaabbflblagdiieffnnjplon
2015-02-06 13:58 - 2015-02-06 13:58 - 00000000 ____D () C:\ProgramData\14794052843789341492
2015-02-06 13:58 - 2015-02-06 13:58 - 00000000 ____D () C:\Program Files (x86)\Uniusalees
2015-02-06 13:57 - 2015-02-06 14:21 - 00000000 ____D () C:\ProgramData\{f801907e-2449-590d-f801-1907e24441f8}
2015-01-30 22:51 - 2015-02-08 22:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2015-01-30 22:51 - 2015-01-30 22:51 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-30 22:51 - 2015-01-30 22:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-30 22:51 - 2015-01-30 22:51 - 00000000 ____D () C:\Users\user\AppData\Local\Skype
2015-01-30 22:51 - 2015-01-30 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-30 22:50 - 2015-01-30 22:50 - 00000000 ____D () C:\ProgramData\Skype
2015-01-30 22:43 - 2015-01-30 22:43 - 00000000 ____D () C:\Users\user\AppData\Local\AskPartnerNetwork
2015-01-30 22:43 - 2015-01-30 22:43 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2015-01-30 22:41 - 2015-02-08 23:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2015-01-30 22:41 - 2015-01-30 22:41 - 00000792 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-30 22:41 - 2015-01-30 22:41 - 00000000 ____D () C:\Users\user\AppData\Roaming\OpenCandy
2015-01-30 22:41 - 2015-01-30 22:41 - 00000000 ____D () C:\ProgramData\APN
2015-01-29 18:57 - 2015-01-29 18:57 - 00001801 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-01-29 18:57 - 2015-01-29 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
2015-01-29 18:57 - 2011-07-04 19:36 - 00600920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-01-29 18:57 - 2011-07-04 19:36 - 00288088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-29 18:57 - 2011-07-04 19:35 - 00045400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-01-29 18:57 - 2011-07-04 19:32 - 00064856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-29 18:57 - 2011-07-04 19:32 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-01-29 18:57 - 2011-07-04 19:32 - 00022360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2015-01-29 18:56 - 2011-07-04 19:43 - 00199304 _____ (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2015-01-29 18:56 - 2011-07-04 19:43 - 00040112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-29 18:53 - 2015-01-29 18:58 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2015-01-28 08:37 - 2015-01-28 08:37 - 00000000 ____D () C:\ATI
2015-01-18 23:51 - 2015-01-18 23:51 - 00010456 _____ () C:\Users\user\Downloads\GARCIA-DARREN-ESTHER-O._PRELIM-IN-COMPUTER.xlsx
2015-01-18 14:20 - 2015-01-18 14:20 - 00032796 _____ () C:\Users\user\Downloads\cejApOEZ.jpeg
2015-01-15 20:03 - 2015-01-15 22:15 - 00000000 ____D () C:\Program Files (x86)\microvolts
2015-01-15 19:38 - 2015-02-07 15:58 - 00000000 ____D () C:\Program Files (x86)\SD EnterNET
2015-01-15 17:14 - 2015-01-15 19:26 - 1135046016 _____ (Acresso Software Inc. ) C:\Users\user\Downloads\navyfield2.exe
2015-01-14 21:19 - 2014-12-19 11:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 21:19 - 2014-12-19 09:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 21:19 - 2014-12-12 13:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 21:19 - 2014-12-12 13:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 21:19 - 2014-12-12 13:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 21:19 - 2014-12-12 13:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 21:19 - 2014-12-12 13:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 21:19 - 2014-12-12 13:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 21:19 - 2014-12-12 13:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 21:19 - 2014-12-12 01:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 21:19 - 2014-12-06 12:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 21:19 - 2014-12-06 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 21:19 - 2014-12-06 11:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 23:13 - 2014-09-26 09:23 - 00000000 ____D () C:\FRST
2015-02-08 23:09 - 2014-04-07 18:29 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000UA.job
2015-02-08 22:53 - 2009-07-14 12:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 22:53 - 2009-07-14 12:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 22:50 - 2014-04-07 12:46 - 01401792 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 22:48 - 2014-04-07 12:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 22:47 - 2014-10-06 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
2015-02-08 22:47 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-08 22:45 - 2014-04-07 22:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 22:45 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 22:45 - 2009-07-14 12:51 - 00104795 _____ () C:\Windows\setupact.log
2015-02-08 17:18 - 2014-04-07 22:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 22:09 - 2014-04-07 18:29 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000Core.job
2015-02-07 16:19 - 2014-04-07 12:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-07 15:50 - 2014-10-06 13:24 - 00000000 ____D () C:\Program Files (x86)\Desura
2015-02-06 12:17 - 2014-04-07 21:30 - 00000000 ____D () C:\Users\user\Desktop\WILFRED'S FOLDER
2015-02-06 10:52 - 2014-09-11 22:13 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-02-06 10:27 - 2009-07-14 13:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 10:11 - 2014-04-07 12:54 - 00002531 _____ () C:\Users\user\Desktop\Google Chrome.lnk
2015-02-05 22:12 - 2014-04-07 22:13 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 22:12 - 2014-04-07 22:13 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 22:04 - 2014-04-07 18:29 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000UA
2015-02-05 22:04 - 2014-04-07 18:29 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000Core
2015-01-31 10:41 - 2010-11-21 11:47 - 00049272 _____ () C:\Windows\PFRO.log
2015-01-29 18:57 - 2014-04-07 22:13 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2015-01-29 18:56 - 2014-04-07 22:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-28 20:55 - 2014-06-10 21:35 - 00000000 ____D () C:\Users\user\Desktop\giselle
2015-01-22 19:55 - 2014-05-12 14:16 - 00000000 ____D () C:\Users\user\Desktop\MEME
2015-01-17 20:18 - 2014-04-07 18:08 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-17 15:19 - 2014-12-01 21:06 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2015-01-17 13:59 - 2009-07-14 13:08 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-16 23:04 - 2014-12-16 00:54 - 00000000 ____D () C:\Users\user\Desktop\newsongs
2015-01-15 19:44 - 2014-05-04 19:21 - 00044884 _____ () C:\Windows\DirectX.log
2015-01-14 21:49 - 2014-05-16 10:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:44 - 2014-05-16 10:54 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-07-26 04:29 - 2014-12-19 00:50 - 0045270 _____ () C:\Users\user\AppData\Roaming\room_v3.dat
2014-05-02 12:17 - 2014-10-25 20:35 - 0027136 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-18 11:50 - 2014-08-17 00:31 - 0007595 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2014-10-05 23:42 - 2014-10-06 00:09 - 0877747 ____N () C:\Users\user\AppData\Local\Tempmusic.ogg

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\679648f7.exe
C:\Users\user\AppData\Local\Temp\amt_webssearches.exe
C:\Users\user\AppData\Local\Temp\BackupSetup.exe
C:\Users\user\AppData\Local\Temp\bs.exe
C:\Users\user\AppData\Local\Temp\burnsetup.exe
C:\Users\user\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\user\AppData\Local\Temp\down.1728.ytab_setup.exe
C:\Users\user\AppData\Local\Temp\E206E.exe
C:\Users\user\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\user\AppData\Local\Temp\GUR7ABA.exe
C:\Users\user\AppData\Local\Temp\hdfgjd2.exe
C:\Users\user\AppData\Local\Temp\installer.exe
C:\Users\user\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\mgsqlite3.dll
C:\Users\user\AppData\Local\Temp\NeffySetup.exe
C:\Users\user\AppData\Local\Temp\OnlineBackup.exe
C:\Users\user\AppData\Local\Temp\patch_3050403.exe
C:\Users\user\AppData\Local\Temp\patch_3050501.exe
C:\Users\user\AppData\Local\Temp\PH_140805to140819.exe
C:\Users\user\AppData\Local\Temp\PH_140819to140903.exe
C:\Users\user\AppData\Local\Temp\PH_140903to140916.exe
C:\Users\user\AppData\Local\Temp\PH_140916to140930.exe
C:\Users\user\AppData\Local\Temp\PH_140930to141003.exe
C:\Users\user\AppData\Local\Temp\PH_141003to141014.exe
C:\Users\user\AppData\Local\Temp\PH_141014to141021.exe
C:\Users\user\AppData\Local\Temp\PH_141021to141111.exe
C:\Users\user\AppData\Local\Temp\PH_141111to141118.exe
C:\Users\user\AppData\Local\Temp\PH_141118to141119.exe
C:\Users\user\AppData\Local\Temp\PH_141119to141125.exe
C:\Users\user\AppData\Local\Temp\PH_141125to141215.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\ResetDevice.exe
C:\Users\user\AppData\Local\Temp\Runner2.exe
C:\Users\user\AppData\Local\Temp\Runner4.exe
C:\Users\user\AppData\Local\Temp\ShopperProJSFull.exe
C:\Users\user\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\user\AppData\Local\Temp\smarter.exe
C:\Users\user\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\user\AppData\Local\Temp\Tsu6BF0F28F.dll
C:\Users\user\AppData\Local\Temp\update_2_198.exe
C:\Users\user\AppData\Local\Temp\update_2_199.exe
C:\Users\user\AppData\Local\Temp\update_2_200.exe
C:\Users\user\AppData\Local\Temp\uttB2A4.tmp.exe
C:\Users\user\AppData\Local\Temp\uttCBC1.tmp.exe
C:\Users\user\AppData\Local\Temp\vcredist_x64.exe
C:\Users\user\AppData\Local\Temp\wpsetup.exe
C:\Users\user\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 22:03

==================== End Of Log ============================
 

piped21

Thread Starter
Joined
Sep 21, 2014
Messages
71
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by user at 2015-02-08 23:15:24
Running from C:\Users\user\Desktop\WILFRED'S FOLDER\1HINDI ITO MOVIES APLLICATIONS 2\HIGH CPU USAGE\2
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\uTorrent) (Version: 3.4.2.38424 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.355 - ArcSoft)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
ATI Catalyst Install Manager (HKLM\...\{80CCF307-91AB-A249-E820-18E09DD3681D}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 6.0.1203.0 - AVAST Software)
Desura (HKLM-x32\...\Desura) (Version: 100.63 - Desura)
Desura: Baby Blues - Toddler Horror Game (HKLM-x32\...\Desura_87836376170528) (Version: Full - Kumi)
Desura: ERIE (HKLM-x32\...\Desura_81776177315872) (Version: Full - UGF)
Desura: ILLUSION - Ghost Killer (HKLM-x32\...\Desura_92002494447648) (Version: Full - Incrible Games)
Desura: VANISH (HKLM-x32\...\Desura_102409200205856) (Version: Beta - 3DrunkMen)
Erie (HKLM\...\UDK-2ea87fe7-b315-4532-9176-bf5e1f35183a) (Version: - Epic Games, Inc.)
EZDownloader (HKLM-x32\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader) <==== ATTENTION
Five Nights at Freddy's DEMO (HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Five Nights at Freddy's DEMO) (Version: - )
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version: - Garena Online Pte Ltd.)
Garena+ (HKLM-x32\...\im) (Version: - Garena Online Pte Ltd.)
Google Chrome (HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GovernorMirror (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{47d6400d}) (Version: - GovernorMirror) <==== ATTENTION
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
ManyCam 4.0.77 (HKLM-x32\...\ManyCam) (Version: 4.0.77 - Visicom Media Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
microvolts 1,0,0,0 (HKLM-x32\...\microvolts) (Version: 1,0,0,0 - CDNetworks)
MixPad (HKLM-x32\...\MixPad) (Version: 3.56 - NCH Software)
NVIDIA PhysX (HKLM-x32\...\{DD1865F0-AD73-40FB-B23E-1822E02396FF}) (Version: 9.09.0203 - NVIDIA Corporation)
Pink My Facebook (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
Reverse Page (HKLM\...\Reverse Page) (Version: 2015.01.07.132250 - Reverse Page) <==== ATTENTION
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sun Broadband Wireless (HKLM-x32\...\Sun Broadband Wireless) (Version: 11.300.05.03.256 - Huawei Technologies Co.,Ltd)
TuneUp Utilities 2014 (en-GB) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
uNisAaleus (HKLM-x32\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version: - ) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

20-01-2015 23:02:42 Windows Update
24-01-2015 18:28:00 Windows Update
27-01-2015 21:25:37 Windows Update
29-01-2015 18:45:30 avast! Free Antivirus Setup
29-01-2015 18:49:15 avast! Free Antivirus Setup
29-01-2015 18:52:51 avast! Free Antivirus Setup
29-01-2015 18:56:08 avast! Free Antivirus Setup
31-01-2015 10:49:06 Windows Update
03-02-2015 23:54:42 Windows Update
07-02-2015 15:07:29 Windows Update
07-02-2015 21:45:49 Revo Uninstaller's restore point - O2Jam (e-Games) v.3.50
07-02-2015 21:48:09 Revo Uninstaller's restore point - Virtual DJ Toolbar

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1B2A32-AF92-4D05-80CD-D2E51FFEA71D} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: {0ECDCBA4-BAE2-47BD-B097-79E09E6FF85A} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {1F65A377-6FD8-4447-AF78-61533B521EAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {1FED595E-528A-4812-B07E-35EC875566B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)
Task: {8DB6138A-022C-430C-A7BC-937A257487C0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3376662306-939230167-2911087751-1000
Task: {910FEA15-D6EC-46BA-8CEE-B6321EB64E78} - System32\Tasks\{3FE479D7-4C16-4F84-AF5F-19BEE805E733} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {9AD39C66-BB29-485C-B0D8-03A12E5D7DCE} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {A11295BA-7DE1-45DA-9DB3-080860BF0DAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)
Task: {B6275BA7-9564-4D0D-8F0E-8DEF60AA9500} - System32\Tasks\{2E5B78AA-38BF-4778-9AFA-807719EEE1AC} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {BD3B9BD4-4CAA-449D-9E4C-7E1D3AA92640} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20] (Adobe Systems Incorporated)
Task: {C9EB0541-F535-4199-9C3C-7C2A6622C644} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {CAE7B97A-4251-4A65-A375-CCFFD54D874E} - System32\Tasks\{90DAC5D2-CAF4-4F25-BCCE-02CB99B25323} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {CFD6D81F-1416-4A87-9442-D1D846E398BE} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe
Task: {D81AB359-166E-4BFF-BC2D-628705D95F13} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2014-07-23] (Informer Technologies, Inc.)
Task: {E350AA9F-3633-49E2-9637-B546C83F6167} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {E55B75AC-4DA5-481B-BEBB-8FECC0B20453} - System32\Tasks\gg_uac_daemon_user => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2014-07-29] ()
Task: {F5BF9C02-3588-43A2-B3FD-7D4FF5149B8A} - System32\Tasks\{1A1D8D95-2E33-49FE-BAEA-C9464A3B2687} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {F7A491B7-56A6-4CB1-BF6A-CF90F8271909} - System32\Tasks\{8634AC55-6D38-4BE1-AE5F-4576F6A01709} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.14.0.104&LastError=12002
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-29 12:40 - 2014-07-29 12:40 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-06 14:03 - 2014-02-06 14:03 - 01162752 _____ () C:\ProgramData\{fde390e2-0b63-4adf-fde3-390e20b64388}\E206E.exe
2014-02-06 13:57 - 2014-02-06 13:57 - 01162752 _____ () C:\ProgramData\{f801907e-2449-590d-f801-1907e24441f8}\Rurouni Kenshin_ The Legend Ends English Subtitles.exe
2015-02-06 14:07 - 2014-11-26 03:29 - 00299008 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-03-20 14:44 - 2014-03-20 14:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2015-01-07 21:30 - 2015-01-07 21:30 - 00529144 _____ () C:\Program Files (x86)\Reverse Page\updateReversePage.exe
2015-01-29 18:56 - 2011-07-05 02:17 - 01268224 _____ () C:\Program Files\AVAST Software\Avast\defs\11070401\algo.dll
2014-07-29 12:40 - 2014-07-29 12:40 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2015-02-06 10:11 - 2015-02-04 17:02 - 01117512 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 10:11 - 2015-02-04 17:02 - 00211272 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\40.0.2214.111\libegl.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 06333024 _____ () C:\Program Files (x86)\Desura\bin\uicore.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 01735776 _____ () C:\Program Files (x86)\Desura\bin\mcfcore.dll
2014-10-06 13:39 - 2015-01-24 18:22 - 00535040 _____ () C:\Program Files (x86)\Desura\bin\gmock.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 05749344 _____ () C:\Program Files (x86)\Desura\bin\usercore.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 01616992 _____ () C:\Program Files (x86)\Desura\bin\webcore.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 02921472 _____ () C:\Program Files (x86)\Desura\bin\unittest.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 01962080 _____ () C:\Program Files (x86)\Desura\bin\servicecore.dll
2014-10-06 13:39 - 2014-10-06 13:39 - 18300416 _____ () C:\Program Files (x86)\Desura\bin\cef_desura.dll
2014-10-06 13:39 - 2014-10-06 13:39 - 01577761 _____ () C:\Program Files (x86)\Desura\bin\avcodec-53.dll
2014-10-06 13:39 - 2014-10-06 13:39 - 00134035 _____ () C:\Program Files (x86)\Desura\bin\avutil-51.dll
2014-10-06 13:39 - 2014-10-06 13:39 - 00213022 _____ () C:\Program Files (x86)\Desura\bin\avformat-53.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 00794720 _____ () C:\Program Files (x86)\Desura\bin\scriptcore.dll
2014-10-06 13:39 - 2015-01-24 18:22 - 03444224 _____ () C:\Program Files (x86)\Desura\bin\v8.dll
2015-02-06 10:11 - 2015-02-04 17:02 - 09170760 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-06 10:11 - 2015-02-04 17:02 - 14965064 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3376662306-939230167-2911087751-500 - Administrator - Disabled)
Guest (S-1-5-21-3376662306-939230167-2911087751-501 - Limited - Disabled)
user (S-1-5-21-3376662306-939230167-2911087751-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: WiMAX Bus Eumerator
Description: WiMAX Bus Eumerator
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: TuneUpUtilitiesDrv
Description: TuneUpUtilitiesDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: TuneUpUtilitiesDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 10:46:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 04:57:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2015 07:27:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2015 04:19:51 PM) (Source: MsiInstaller) (EventID: 11706) (User: user-PC)
Description: Product: Microsoft Office Enterprise 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.

Error: (02/07/2015 04:10:38 PM) (Source: MsiInstaller) (EventID: 11706) (User: user-PC)
Description: Product: Microsoft Office Enterprise 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.

Error: (02/07/2015 04:00:43 PM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Google Chrome

Error: (02/07/2015 04:00:42 PM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Google Chrome

Error: (02/07/2015 04:00:38 PM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Google Chrome

Error: (02/07/2015 04:00:38 PM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Google Chrome

Error: (02/07/2015 04:00:38 PM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Google Chrome


System errors:
=============
Error: (02/08/2015 10:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TuneUpUtilitiesDrv service failed to start due to the following error:
%%2

Error: (02/08/2015 10:46:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error:
%%3

Error: (02/08/2015 10:46:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPDRIVER_1.36.1.172 service failed to start due to the following error:
%%3

Error: (02/08/2015 10:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error:
%%2

Error: (02/08/2015 10:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error:
%%2

Error: (02/08/2015 10:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error:
%%3

Error: (02/08/2015 10:45:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LighterEdit service to connect.

Error: (02/08/2015 05:49:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/08/2015 04:57:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TuneUpUtilitiesDrv service failed to start due to the following error:
%%2

Error: (02/08/2015 04:56:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error:
%%3


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 80%
Total physical RAM: 3892.52 MB
Available physical RAM: 768.42 MB
Total Pagefile: 7783.23 MB
Available Pagefile: 3389.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.78 GB) (Free:55.49 GB) NTFS
Drive d: () (Fixed) (Total:232.88 GB) (Free:232.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5C6C666C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

piped21

Thread Starter
Joined
Sep 21, 2014
Messages
71
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by user at 2015-02-08 23:15:24
Running from C:\Users\user\Desktop\WILFRED'S FOLDER\1HINDI ITO MOVIES APLLICATIONS 2\HIGH CPU USAGE\2
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\uTorrent) (Version: 3.4.2.38424 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.355 - ArcSoft)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
ATI Catalyst Install Manager (HKLM\...\{80CCF307-91AB-A249-E820-18E09DD3681D}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 6.0.1203.0 - AVAST Software)
Desura (HKLM-x32\...\Desura) (Version: 100.63 - Desura)
Desura: Baby Blues - Toddler Horror Game (HKLM-x32\...\Desura_87836376170528) (Version: Full - Kumi)
Desura: ERIE (HKLM-x32\...\Desura_81776177315872) (Version: Full - UGF)
Desura: ILLUSION - Ghost Killer (HKLM-x32\...\Desura_92002494447648) (Version: Full - Incrible Games)
Desura: VANISH (HKLM-x32\...\Desura_102409200205856) (Version: Beta - 3DrunkMen)
Erie (HKLM\...\UDK-2ea87fe7-b315-4532-9176-bf5e1f35183a) (Version: - Epic Games, Inc.)
EZDownloader (HKLM-x32\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader) <==== ATTENTION
Five Nights at Freddy's DEMO (HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Five Nights at Freddy's DEMO) (Version: - )
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version: - Garena Online Pte Ltd.)
Garena+ (HKLM-x32\...\im) (Version: - Garena Online Pte Ltd.)
Google Chrome (HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GovernorMirror (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{47d6400d}) (Version: - GovernorMirror) <==== ATTENTION
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
ManyCam 4.0.77 (HKLM-x32\...\ManyCam) (Version: 4.0.77 - Visicom Media Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
microvolts 1,0,0,0 (HKLM-x32\...\microvolts) (Version: 1,0,0,0 - CDNetworks)
MixPad (HKLM-x32\...\MixPad) (Version: 3.56 - NCH Software)
NVIDIA PhysX (HKLM-x32\...\{DD1865F0-AD73-40FB-B23E-1822E02396FF}) (Version: 9.09.0203 - NVIDIA Corporation)
Pink My Facebook (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
Reverse Page (HKLM\...\Reverse Page) (Version: 2015.01.07.132250 - Reverse Page) <==== ATTENTION
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sun Broadband Wireless (HKLM-x32\...\Sun Broadband Wireless) (Version: 11.300.05.03.256 - Huawei Technologies Co.,Ltd)
TuneUp Utilities 2014 (en-GB) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
uNisAaleus (HKLM-x32\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version: - ) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

20-01-2015 23:02:42 Windows Update
24-01-2015 18:28:00 Windows Update
27-01-2015 21:25:37 Windows Update
29-01-2015 18:45:30 avast! Free Antivirus Setup
29-01-2015 18:49:15 avast! Free Antivirus Setup
29-01-2015 18:52:51 avast! Free Antivirus Setup
29-01-2015 18:56:08 avast! Free Antivirus Setup
31-01-2015 10:49:06 Windows Update
03-02-2015 23:54:42 Windows Update
07-02-2015 15:07:29 Windows Update
07-02-2015 21:45:49 Revo Uninstaller's restore point - O2Jam (e-Games) v.3.50
07-02-2015 21:48:09 Revo Uninstaller's restore point - Virtual DJ Toolbar

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1B2A32-AF92-4D05-80CD-D2E51FFEA71D} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: {0ECDCBA4-BAE2-47BD-B097-79E09E6FF85A} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {1F65A377-6FD8-4447-AF78-61533B521EAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {1FED595E-528A-4812-B07E-35EC875566B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)
Task: {8DB6138A-022C-430C-A7BC-937A257487C0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3376662306-939230167-2911087751-1000
Task: {910FEA15-D6EC-46BA-8CEE-B6321EB64E78} - System32\Tasks\{3FE479D7-4C16-4F84-AF5F-19BEE805E733} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {9AD39C66-BB29-485C-B0D8-03A12E5D7DCE} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {A11295BA-7DE1-45DA-9DB3-080860BF0DAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)
Task: {B6275BA7-9564-4D0D-8F0E-8DEF60AA9500} - System32\Tasks\{2E5B78AA-38BF-4778-9AFA-807719EEE1AC} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {BD3B9BD4-4CAA-449D-9E4C-7E1D3AA92640} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20] (Adobe Systems Incorporated)
Task: {C9EB0541-F535-4199-9C3C-7C2A6622C644} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {CAE7B97A-4251-4A65-A375-CCFFD54D874E} - System32\Tasks\{90DAC5D2-CAF4-4F25-BCCE-02CB99B25323} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {CFD6D81F-1416-4A87-9442-D1D846E398BE} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe
Task: {D81AB359-166E-4BFF-BC2D-628705D95F13} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2014-07-23] (Informer Technologies, Inc.)
Task: {E350AA9F-3633-49E2-9637-B546C83F6167} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {E55B75AC-4DA5-481B-BEBB-8FECC0B20453} - System32\Tasks\gg_uac_daemon_user => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2014-07-29] ()
Task: {F5BF9C02-3588-43A2-B3FD-7D4FF5149B8A} - System32\Tasks\{1A1D8D95-2E33-49FE-BAEA-C9464A3B2687} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {F7A491B7-56A6-4CB1-BF6A-CF90F8271909} - System32\Tasks\{8634AC55-6D38-4BE1-AE5F-4576F6A01709} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.14.0.104&amp;LastError=12002
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-29 12:40 - 2014-07-29 12:40 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-06 14:03 - 2014-02-06 14:03 - 01162752 _____ () C:\ProgramData\{fde390e2-0b63-4adf-fde3-390e20b64388}\E206E.exe
2014-02-06 13:57 - 2014-02-06 13:57 - 01162752 _____ () C:\ProgramData\{f801907e-2449-590d-f801-1907e24441f8}\Rurouni Kenshin_ The Legend Ends English Subtitles.exe
2015-02-06 14:07 - 2014-11-26 03:29 - 00299008 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-03-20 14:44 - 2014-03-20 14:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2015-01-07 21:30 - 2015-01-07 21:30 - 00529144 _____ () C:\Program Files (x86)\Reverse Page\updateReversePage.exe
2015-01-29 18:56 - 2011-07-05 02:17 - 01268224 _____ () C:\Program Files\AVAST Software\Avast\defs\11070401\algo.dll
2014-07-29 12:40 - 2014-07-29 12:40 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2015-02-06 10:11 - 2015-02-04 17:02 - 01117512 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 10:11 - 2015-02-04 17:02 - 00211272 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\40.0.2214.111\libegl.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 06333024 _____ () C:\Program Files (x86)\Desura\bin\uicore.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 01735776 _____ () C:\Program Files (x86)\Desura\bin\mcfcore.dll
2014-10-06 13:39 - 2015-01-24 18:22 - 00535040 _____ () C:\Program Files (x86)\Desura\bin\gmock.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 05749344 _____ () C:\Program Files (x86)\Desura\bin\usercore.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 01616992 _____ () C:\Program Files (x86)\Desura\bin\webcore.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 02921472 _____ () C:\Program Files (x86)\Desura\bin\unittest.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 01962080 _____ () C:\Program Files (x86)\Desura\bin\servicecore.dll
2014-10-06 13:39 - 2014-10-06 13:39 - 18300416 _____ () C:\Program Files (x86)\Desura\bin\cef_desura.dll
2014-10-06 13:39 - 2014-10-06 13:39 - 01577761 _____ () C:\Program Files (x86)\Desura\bin\avcodec-53.dll
2014-10-06 13:39 - 2014-10-06 13:39 - 00134035 _____ () C:\Program Files (x86)\Desura\bin\avutil-51.dll
2014-10-06 13:39 - 2014-10-06 13:39 - 00213022 _____ () C:\Program Files (x86)\Desura\bin\avformat-53.dll
2014-10-06 13:39 - 2015-02-07 15:50 - 00794720 _____ () C:\Program Files (x86)\Desura\bin\scriptcore.dll
2014-10-06 13:39 - 2015-01-24 18:22 - 03444224 _____ () C:\Program Files (x86)\Desura\bin\v8.dll
2015-02-06 10:11 - 2015-02-04 17:02 - 09170760 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-06 10:11 - 2015-02-04 17:02 - 14965064 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3376662306-939230167-2911087751-500 - Administrator - Disabled)
Guest (S-1-5-21-3376662306-939230167-2911087751-501 - Limited - Disabled)
user (S-1-5-21-3376662306-939230167-2911087751-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: WiMAX Bus Eumerator
Description: WiMAX Bus Eumerator
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: TuneUpUtilitiesDrv
Description: TuneUpUtilitiesDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: TuneUpUtilitiesDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 10:46:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 04:57:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2015 07:27:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2015 04:19:51 PM) (Source: MsiInstaller) (EventID: 11706) (User: user-PC)
Description: Product: Microsoft Office Enterprise 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.

Error: (02/07/2015 04:10:38 PM) (Source: MsiInstaller) (EventID: 11706) (User: user-PC)
Description: Product: Microsoft Office Enterprise 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.

Error: (02/07/2015 04:00:43 PM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Google Chrome

Error: (02/07/2015 04:00:42 PM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Google Chrome

Error: (02/07/2015 04:00:38 PM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Google Chrome

Error: (02/07/2015 04:00:38 PM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Google Chrome

Error: (02/07/2015 04:00:38 PM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Google Chrome


System errors:
=============
Error: (02/08/2015 10:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TuneUpUtilitiesDrv service failed to start due to the following error:
%%2

Error: (02/08/2015 10:46:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error:
%%3

Error: (02/08/2015 10:46:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPDRIVER_1.36.1.172 service failed to start due to the following error:
%%3

Error: (02/08/2015 10:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error:
%%2

Error: (02/08/2015 10:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error:
%%2

Error: (02/08/2015 10:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error:
%%3

Error: (02/08/2015 10:45:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LighterEdit service to connect.

Error: (02/08/2015 05:49:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/08/2015 04:57:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TuneUpUtilitiesDrv service failed to start due to the following error:
%%2

Error: (02/08/2015 04:56:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error:
%%3


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 80%
Total physical RAM: 3892.52 MB
Available physical RAM: 768.42 MB
Total Pagefile: 7783.23 MB
Available Pagefile: 3389.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.78 GB) (Free:55.49 GB) NTFS
Drive d: () (Fixed) (Total:232.88 GB) (Free:232.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5C6C666C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

LiquidTension

Malware Specialist
Hello,


STEP 1
CKScanner
  • Please download CKScanner and save the file to your Desktop.
  • Right-Click CKScanner.exe and select Run as administrator to run the programme.
  • Click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Please run this programme only once.
  • A log (CKFiles.txt) will be created on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
MGADiag
  • Please download MGADiag and save the file to your Desktop.
  • Right-click MGADiag and select Run as administrator to run the programme.
  • Click
    .
  • Click
    .
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Click Edit followed by Paste in Notepad.
  • Copy the contents of the log and paste in your next reply.

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • CKFiles.txt
  • MGADiag log
 

piped21

Thread Starter
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\frst\quarantine\c\program files (x86)\garena plus\apps\blackshot\blackshot\data\_sg\script\weapon\weapon_firecracker.bsv
c:\users\user\desktop\giselle\portable photoshop\photoshop\presets\brushes\demolished_cracks__2__by_env1ro folder\1.abr
c:\users\user\documents\image-line\data\drumaxx\drum patches\sound fx\crack.dmpatch
scanner sequence 3.AB.11.JJNAGZ
----- EOF -----
 

piped21

Thread Starter
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-X92GV-V7DCV-P4K27
Windows Product Key Hash: aU2z1/fnhnLHmhBm699qYZT2E6s=
Windows Product ID: 00426-OEM-8992662-00400
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {85369FBA-B963-44A1-B49F-CD1669E1E1BB}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.141211-1742
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600400-02-1033-7601.0000-0972014
Installation ID: 004796843764902923796831025462290240257913747701467276
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: P4K27
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 2/10/2015 8:54:57 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:22:2014 14:26
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAEAAAACAAAAAwABAAEA6GFSdsit7J4k9HiFRIrSTgK9xLFmKVxd

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SPCR PTLTD $UCRTBL$
SLIC DELL QA09
OSFR DELL DELL
ASF! CETP CETP
SSDT PmRef CpuPm
 

LiquidTension

Malware Specialist
OK, this is what we're dealing with - your Microsoft Office is cracked/pirated. It is not legitimate.
You must remove Microsoft Office from your computer. Please read about the dangers of cracked software below.

CRACKED SOFTWARE WARNING

------------------------------

One or more of the identified infections is a result of downloading cracked/pirated/keygen software. Participating in the use of such software is a security risk; your infected computer is evidence of this. Were you aware your machine has cracked software installed? We do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be reinfected otherwise. Simply visiting a cracked software site can result in infection from exploitation of vulnerabilities in your installed software.

Continuing in this practice will ensure your computer is continuously susceptible to malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please refer to the following articles for more information.
After you've removed Microsoft Office, you can download and install OpenOffice as a free, open source alternative for the time being. OpenOffice will essentially do the same job as Microsoft Office.

Then move on to the following:

STEP 1
Revo Uninstaller
  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme.
  • From the list of programmes, locate the following, or anything similar, and carry out the steps below one at a time.

    • EZDownloader
    • GovernorMirror
    • Pink My Facebook
    • Reverse Page
    • uNisAaleus

  • Double-click the programme.
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme will run. If prompted again click Yes.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.

STEP 2
Junkware Removal Tool (JRT)
  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W8).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted.
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.

STEP 3
AdwCleaner
  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.


======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • Did the programmes uninstall OK?
  • JRT.txt
  • AdwCleaner[S0].txt
 

piped21

Thread Starter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by user on Thu 02/12/2015 at 21:19:04.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack
Failed to stop: [Service] APNMCP



~~~ Registry Values

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}



~~~ Files

Successfully deleted: [File] "C:\Users\user\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage"
Successfully deleted: [File] "C:\Users\user\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\user\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsmode.com_0.localstorage"
Successfully deleted: [File] "C:\Users\user\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsmode.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\windowsmangerprotect"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\pc speed maximizer"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\cool_mirage"
Successfully deleted: [Folder] "C:\Program Files (x86)\1clickmoviedownloader.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\pc speed maximizer"
Successfully deleted: [Folder] "C:\Program Files (x86)\youtubeadblocker"
Failed to delete: [Folder] "C:\Program Files (x86)\askpartnernetwork"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/12/2015 at 21:24:42.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

piped21

Thread Starter
# AdwCleaner v4.110 - Logfile created 12/02/2015 at 21:30:28
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\WILFRED'S FOLDER\1HINDI ITO MOVIES APLLICATIONS 2\HIGH CPU USAGE\2\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : APNMCP
[#] Service Deleted : IHProtect Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\Yellow AdBlocker
Folder Deleted : C:\ProgramData\14794052843789341492
Folder Deleted : C:\ProgramData\cd4f08adde6bd334
Folder Deleted : C:\ProgramData\da897ad60000211c
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\XTab
Folder Deleted : C:\Program Files (x86)\Uniusalees
Folder Deleted : C:\Users\user\AppData\Local\Temp\apn
Folder Deleted : C:\users\user\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\users\user\AppData\Local\CrashRpt
Folder Deleted : C:\users\user\AppData\Roaming\EZDownloader
Folder Deleted : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com
Folder Deleted : C:\users\user\Documents\PC Speed Maximizer
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\Extensions\[email protected]
Folder Deleted : C:\ProgramData\niiagodioaabbflblagdiieffnnjplon
Folder Deleted : C:\ProgramData\odgpinfbhdmpmcldjpdlmcabapdebing
Folder Deleted : C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\plimopelmdneikoknbgpopffpbmlhgpa
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\plimopelmdneikoknbgpopffpbmlhgpa
File Deleted : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\searchplugins\WebSearch.xml
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\user.js
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorage
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorage-journal
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : PC Speed Maximizer Schedule
Task Deleted : YTDownloaderUpd

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\user\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaailpifkkekipiachodfkfmgmiapmp
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaailpifkkekipiachodfkfmgmiapmp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Key Deleted : HKLM\SOFTWARE\Classes\Pdd85157c_d5e5_45b9_856d_23765cb9c8d4_.Pdd85157c_d5e5_45b9_856d_23765cb9c8d4_
Key Deleted : HKLM\SOFTWARE\Classes\Pdd85157c_d5e5_45b9_856d_23765cb9c8d4_.Pdd85157c_d5e5_45b9_856d_23765cb9c8d4_.9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{dd85157c-d5e5-45b9-856d-23765cb9c8d4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5347542D-5637-006A-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5347542D-5637-006A-76A7-7A786E7484D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{dd85157c-d5e5-45b9-856d-23765cb9c8d4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5347542D-5637-006A-76A7-7A786E7484D7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5347542D-5637-006A-76A7-7A786E7484D7}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5347542D-5637-006A-76A7-7A786E7484D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{dd85157c-d5e5-45b9-856d-23765cb9c8d4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5347542D-5637-006A-76A7-7A786E7484D7}]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\446AA38E1FFC4AE99A0CBDEE511494A2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\pc speed maximizer
Key Deleted : HKCU\Software\YTDownloader
Key Deleted : HKCU\Software\Condut
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\omiga-plusSoftware
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\YTDownloader
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:56508;hxxps=127.0.0.1:56508

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v31.0 (x86 en-US)

[f9pwscyp.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://isearch.omiga-plus.com/newtab/?type=nt&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB");
[f9pwscyp.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH");
[f9pwscyp.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[f9pwscyp.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
[f9pwscyp.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[f9pwscyp.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[f9pwscyp.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[f9pwscyp.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[f9pwscyp.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH&l=1&q=");
[f9pwscyp.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH&l=1&q=");

-\\ Google Chrome v


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [67250 bytes] - [30/09/2014 17:27:49]
AdwCleaner[R1].txt - [34875 bytes] - [30/09/2014 20:29:02]
AdwCleaner[S0].txt - [45072 bytes] - [30/09/2014 17:34:42]
AdwCleaner[S1].txt - [12050 bytes] - [12/02/2015 21:30:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12110 bytes] ##########
 

LiquidTension

Malware Specialist
Hello,

Yes, Microsoft Office needs to be uninstalled as the programme is cracked/pirated, and not legitimate.
You may wish to consider looking into OpenOffice as I mentioned in my previous post. This is a free, open-source alternative to Microsoft Office, and will essentially do the same job. The main difference is appearance - but ultimately, functionality-wise, the programme is very similar.

----------

Farbar Recovery Scan Tool (FRST) Scan
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
 

piped21

Thread Starter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by user at 2015-02-13 09:04:52
Running from C:\Users\user\Desktop\WILFRED'S FOLDER\1HINDI ITO MOVIES APLLICATIONS 2\HIGH CPU USAGE\2
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\uTorrent) (Version: 3.4.2.38424 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.355 - ArcSoft)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
ATI Catalyst Install Manager (HKLM\...\{80CCF307-91AB-A249-E820-18E09DD3681D}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 6.0.1203.0 - AVAST Software)
Erie (HKLM\...\UDK-2ea87fe7-b315-4532-9176-bf5e1f35183a) (Version: - Epic Games, Inc.)
Five Nights at Freddy's DEMO (HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Five Nights at Freddy's DEMO) (Version: - )
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version: - Garena Online Pte Ltd.)
Google Chrome (HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
ManyCam 4.0.77 (HKLM-x32\...\ManyCam) (Version: 4.0.77 - Visicom Media Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
microvolts 1,0,0,0 (HKLM-x32\...\microvolts) (Version: 1,0,0,0 - CDNetworks)
MixPad (HKLM-x32\...\MixPad) (Version: 3.56 - NCH Software)
NVIDIA PhysX (HKLM-x32\...\{DD1865F0-AD73-40FB-B23E-1822E02396FF}) (Version: 9.09.0203 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
Reverse Page (HKLM\...\Reverse Page) (Version: 2015.01.07.132250 - Reverse Page) <==== ATTENTION
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sun Broadband Wireless (HKLM-x32\...\Sun Broadband Wireless) (Version: 11.300.05.03.256 - Huawei Technologies Co.,Ltd)
TuneUp Utilities 2014 (en-GB) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
Virtual DJ Toolbar (HKLM-x32\...\{56444A2D-5637-006A-76A7-A758B70C0F00}) (Version: 12.15.0.169 - APN, LLC)
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll No File
CustomCLSID: HKU\S-1-5-21-3376662306-939230167-2911087751-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

07-02-2015 15:07:29 Windows Update
07-02-2015 21:45:49 Revo Uninstaller's restore point - O2Jam (e-Games) v.3.50
07-02-2015 21:48:09 Revo Uninstaller's restore point - Virtual DJ Toolbar
10-02-2015 18:09:13 Windows Update
10-02-2015 18:34:55 Restore Operation
10-02-2015 18:53:42 Windows Update
10-02-2015 20:45:02 Windows Modules Installer
10-02-2015 21:03:10 Revo Uninstaller's restore point - NavyField2
10-02-2015 21:08:26 Revo Uninstaller's restore point - Desura: ERIE
10-02-2015 21:10:42 Revo Uninstaller's restore point - Desura: ILLUSION - Ghost Killer
10-02-2015 21:13:04 Revo Uninstaller's restore point - Desura
10-02-2015 21:14:26 Revo Uninstaller's restore point - Desura: Baby Blues - Toddler Horror Game
10-02-2015 21:15:36 Revo Uninstaller's restore point - Desura: VANISH
10-02-2015 21:16:58 Revo Uninstaller's restore point - EZDownloader
10-02-2015 21:22:04 Revo Uninstaller's restore point - Microsoft OneDrive
10-02-2015 21:24:00 Revo Uninstaller's restore point - YTD Video Downloader 4.8.1
10-02-2015 21:25:19 Revo Uninstaller's restore point - Search App by Ask
11-02-2015 22:15:14 Windows Update
12-02-2015 19:48:26 Revo Uninstaller's restore point - Microsoft Office Enterprise 2007
12-02-2015 21:01:15 Revo Uninstaller's restore point - Microsoft Visual C++ 2005 Redistributable
12-02-2015 21:01:32 Removed Microsoft Visual C++ 2005 Redistributable
12-02-2015 21:04:28 Revo Uninstaller's restore point - uNisAaleus
12-02-2015 21:06:13 Revo Uninstaller's restore point - Pink My Facebook
12-02-2015 21:08:32 Revo Uninstaller's restore point - GovernorMirror
12-02-2015 21:10:00 Revo Uninstaller's restore point - O2Jam (e-Games) v.3.50
12-02-2015 21:15:39 Installed OpenOffice 4.1.1
13-02-2015 00:15:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1B2A32-AF92-4D05-80CD-D2E51FFEA71D} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: {0ECDCBA4-BAE2-47BD-B097-79E09E6FF85A} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {1F65A377-6FD8-4447-AF78-61533B521EAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {1FED595E-528A-4812-B07E-35EC875566B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)
Task: {8DB6138A-022C-430C-A7BC-937A257487C0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3376662306-939230167-2911087751-1000
Task: {910FEA15-D6EC-46BA-8CEE-B6321EB64E78} - System32\Tasks\{3FE479D7-4C16-4F84-AF5F-19BEE805E733} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {A11295BA-7DE1-45DA-9DB3-080860BF0DAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)
Task: {B6275BA7-9564-4D0D-8F0E-8DEF60AA9500} - System32\Tasks\{2E5B78AA-38BF-4778-9AFA-807719EEE1AC} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {BD3B9BD4-4CAA-449D-9E4C-7E1D3AA92640} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20] (Adobe Systems Incorporated)
Task: {C9EB0541-F535-4199-9C3C-7C2A6622C644} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {CAE7B97A-4251-4A65-A375-CCFFD54D874E} - System32\Tasks\{90DAC5D2-CAF4-4F25-BCCE-02CB99B25323} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {D81AB359-166E-4BFF-BC2D-628705D95F13} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2014-07-23] (Informer Technologies, Inc.)
Task: {E350AA9F-3633-49E2-9637-B546C83F6167} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {F5BF9C02-3588-43A2-B3FD-7D4FF5149B8A} - System32\Tasks\{1A1D8D95-2E33-49FE-BAEA-C9464A3B2687} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {F7A491B7-56A6-4CB1-BF6A-CF90F8271909} - System32\Tasks\{8634AC55-6D38-4BE1-AE5F-4576F6A01709} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.14.0.104&LastError=12002
Task: {FBF461CF-50EB-4178-8B8B-6013F3DA069A} - System32\Tasks\gg_uac_daemon_user => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2014-07-29] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-06 14:03 - 2014-02-06 14:03 - 01162752 _____ () C:\ProgramData\{fde390e2-0b63-4adf-fde3-390e20b64388}\E206E.exe
2014-02-06 13:57 - 2014-02-06 13:57 - 01162752 _____ () C:\ProgramData\{f801907e-2449-590d-f801-1907e24441f8}\Rurouni Kenshin_ The Legend Ends English Subtitles.exe
2014-07-29 12:40 - 2014-07-29 12:40 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2015-01-29 18:56 - 2011-07-05 02:17 - 01268224 _____ () C:\Program Files\AVAST Software\Avast\defs\11070401\algo.dll
2015-02-06 10:11 - 2015-02-04 17:02 - 01117512 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 10:11 - 2015-02-04 17:02 - 00211272 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\40.0.2214.111\libegl.dll
2014-07-29 12:40 - 2014-07-29 12:40 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2015-02-06 10:11 - 2015-02-04 17:02 - 09170760 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-06 10:11 - 2015-02-04 17:02 - 14965064 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: IHProtect Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: Update Reverse Page => 2

==================== Accounts: =============================

Administrator (S-1-5-21-3376662306-939230167-2911087751-500 - Administrator - Disabled)
Guest (S-1-5-21-3376662306-939230167-2911087751-501 - Limited - Disabled)
user (S-1-5-21-3376662306-939230167-2911087751-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: WiMAX Bus Eumerator
Description: WiMAX Bus Eumerator
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2015 08:19:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2015 09:33:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/13/2015 08:18:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error:
%%3

Error: (02/13/2015 08:18:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPDRIVER_1.36.1.172 service failed to start due to the following error:
%%3

Error: (02/13/2015 08:18:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error:
%%2

Error: (02/13/2015 08:18:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error:
%%2

Error: (02/13/2015 08:18:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error:
%%3

Error: (02/13/2015 00:15:19 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (02/12/2015 09:32:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error:
%%3

Error: (02/12/2015 09:32:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPDRIVER_1.36.1.172 service failed to start due to the following error:
%%3

Error: (02/12/2015 09:32:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error:
%%2

Error: (02/12/2015 09:32:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 41%
Total physical RAM: 3892.52 MB
Available physical RAM: 2283.52 MB
Total Pagefile: 9728.71 MB
Available Pagefile: 7601.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.78 GB) (Free:58.29 GB) NTFS
Drive d: () (Fixed) (Total:232.88 GB) (Free:232.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5C6C666C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 