Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by user (administrator) on USER-PC on 08-02-2015 23:13:34
Running from C:\Users\user\Desktop\WILFRED'S FOLDER\1HINDI ITO MOVIES APLLICATIONS 2\HIGH CPU USAGE\2
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Desura Net Pty Ltd) C:\Program Files (x86)\Desura\desura.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\ProgramData\{fde390e2-0b63-4adf-fde3-390e20b64388}\E206E.exe
() C:\ProgramData\{f801907e-2449-590d-f801-1907e24441f8}\Rurouni Kenshin_ The Legend Ends English Subtitles.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\Reverse Page\updateReversePage.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Desura Net Pty Ltd) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13286472 2013-02-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [3493720 2011-07-04] (AVAST Software)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1938840 2015-01-15] (APN)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9974576 2014-10-24] ()
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [SPDriver] => .\JSDriver\1.36.1.172\jsdrv.exe
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-07] (Google Inc.)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2679392 2015-02-07] (Desura Net Pty Ltd)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [1734992 2015-01-30] (BitTorrent Inc.)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\CurrentVersion\Windows: [Load] C:\Users\user\LOCALS~1\Temp\ccqyiveav.pif <===== ATTENTION
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\MountPoints2: {5857ff80-c44b-11e3-ad8f-f04da25bb0a2} - F:\AutoRun.exe
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\MountPoints2: {5857ff8e-c44b-11e3-ad8f-f04da25bb0a2} - G:\AutoRun.exe
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\MountPoints2: {6dfd117f-c4ab-11e3-94c9-f04da25bb0a2} - F:\AutoRun.exe
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\...\MountPoints2: {ac9b4095-329f-11e4-89b3-f04da25bb0a2} - G:\HTC_Sync_Manager_PC.exe
IFEO\mypc backup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\softinfo.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E206E.lnk
ShortcutTarget: E206E.lnk -> C:\ProgramData\{fde390e2-0b63-4adf-fde3-390e20b64388}\E206E.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rurouni Kenshin_ The Legend Ends English Subtitles.lnk
ShortcutTarget: Rurouni Kenshin_ The Legend Ends English Subtitles.lnk -> C:\ProgramData\{f801907e-2449-590d-f801-1907e24441f8}\Rurouni Kenshin_ The Legend Ends English Subtitles.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56508;https=127.0.0.1:56508
ProxyServer: [S-1-5-21-3376662306-939230167-2911087751-1000] => http=127.0.0.1:56508;https=127.0.0.1:56508
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type...ld&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type...ld&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type...ld&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420642054&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type...ld&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKU\S-1-5-21-3376662306-939230167-2911087751-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420642054&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
SearchScopes: HKU\S-1-5-21-3376662306-939230167-2911087751-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
SearchScopes: HKU\S-1-5-21-3376662306-939230167-2911087751-1000 -> 446AA38E1FFC4AE99A0CBDEE511494A2 URL = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=1523565605625643814&crg=&ppd=search,46968492601,skype+download,e,,c,Skype,,,www.fileparade.com&st=23&i=48&did=10844
SearchScopes: HKU\S-1-5-21-3376662306-939230167-2911087751-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420642054&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3376662306-939230167-2911087751-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtheglobe.info/?l=1&q={searchTerms}&pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
BHO: iWebar -> {11111111-1111-1111-1111-110311551110} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: uNisAaleus -> {159c7a36-1d4d-49f6-8df2-128a7a10a7ff} -> C:\Program Files (x86)\uNisAaleus\UfpV1DgPRvK3WE.x64.dll ()
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Ask Toolbar -> {5347542D-5637-006A-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport_x64.dll" No File
BHO: No Name -> {56444A2D-5637-006A-76A7-7A786E7484D7} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: saafeweb -> {B858C2C3-C588-9BC5-E2CF-7D7FCB8A4B60} -> C:\Program Files (x86)\saafeweb\_IQH9gPZ.x64.dll No File
BHO-x32: uNisAaleus -> {159c7a36-1d4d-49f6-8df2-128a7a10a7ff} -> C:\Program Files (x86)\uNisAaleus\UfpV1DgPRvK3WE.dll ()
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: No Name -> {5347542D-5637-006A-76A7-7A786E7484D7} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Reverse Page 1.0.0.6 -> {83dc36e5-db3f-461a-8fbc-245e44000b1f} -> C:\Program Files (x86)\Reverse Page\ReversePagebho.dll (Reverse Page)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {5347542D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport_x64.dll" No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {5347542D-5637-006A-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-3376662306-939230167-2911087751-1000 -> Ask Toolbar - {5347542D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport_x64.dll" No File
Toolbar: HKU\S-1-5-21-3376662306-939230167-2911087751-1000 -> No Name - {56444A2D-5637-006A-76A7-7A786E7484D7} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type...ld&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default
FF NewTab: hxxp://isearch.omiga-plus.com/newtab/?type=nt&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
FF Homepage: hxxp://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH&l=1&q=
FF DefaultSearchUrl: hxxp://websearch.searchtheglobe.info/?pid=724&r=2015/02/06&hid=8980212782050047366&lg=EN&cc=PH&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3376662306-939230167-2911087751-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3376662306-939230167-2911087751-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\user.js
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\searchplugins\WebSearch.xml
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\Extensions\[email protected] [2014-09-26]
FF Extension: Fast Start - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\Extensions\[email protected] [2015-01-07]
FF Extension: {{EXT_NAME}} - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\Extensions\{12b6fdcd-4423-4276-82a3-73fdbff5f7e4} [2014-10-03]
FF Extension: Reverse Page 1.0.1 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\Extensions\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}.xpi [2015-01-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\extensions\[email protected]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f9pwscyp.default\extensions\[email protected]2d1973314.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1396871762&from=amt&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1396871762&from=amt&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB", "hxxp://www.search.ask.com/?tpid=SGT-V7&o=APN11004&pf=V7&trgb=CR&p2=%5EB3Q%5EYYYYYY%5EYY%5EPH&gct=hp&apn_ptnrs=%5EB3Q&apn_dtid=%5EYYYYYY%5EYY%5EPH&apn_dbr=ie_8.0.7601.17514&apn_uid=DC98714B-9F42-4FC8-8E39-A9F00684B9C9&itbv=12.10.6.5030&doi=2014-04-16&psv=", "hxxp://mysearch.sweetpacks.com/?barid=1523565605625643814&src=10&&st=23&i=48&did=10844", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1420641920&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1420642009&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420642054&from=ild&uid=ST500LT012-9WS142_W0V57ENBXXXXW0V57ENB"
CHR DefaultSearchKeyword: Default -> mysearch.sweetpacks.com
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaailpifkkekipiachodfkfmgmiapmp [2014-04-16]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-07]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (FilmFanatic) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg [2014-09-07]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]
CHR Extension: (Elite Unzip) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2014-10-25]
CHR Extension: (avast! WebRep) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2015-01-30]
CHR Extension: (safewweeb) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkgadipkgbabgfgaaifkcligmadkenmm [2014-04-07]
CHR Extension: (Undeaddies) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni [2014-11-25]
CHR Extension: (Flash Player) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbefghbdbnbbmkpoeigjealdphmdkbhh [2014-05-01]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
CHR Extension: (Pink My Facebook) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\okcdpfndmnjdijikpehblfeancekjcgo [2015-02-06]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]
CHR Extension: (League of Legends) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnebjcbjacbfiiohelmhennfcajmpala [2014-09-13]
CHR HKLM\...\Chrome\Extension: [aaaailpifkkekipiachodfkfmgmiapmp] - C:\ProgramData\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaailpifkkekipiachodfkfmgmiapmp] - C:\ProgramData\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [emifpdknblofhkmfakapfbpmopnmcdmo] - C:\Program Files (x86)\SuddenlyMusic_93 Chrome Extension\bar\[email protected] [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-29]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 47d6400d; c:\Program Files (x86)\LighterEdit\LighterEdit.dll [1538560 2015-02-06] () [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2014-09-04] () [File not signed]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-15] (APN LLC.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [42184 2011-07-04] (AVAST Software)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-26] (Just Develop It) <==== ATTENTION
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5132656 2013-11-21] (INCA Internet Co., Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
R2 Update Reverse Page; C:\Program Files (x86)\Reverse Page\updateReversePage.exe [529144 2015-01-07] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22360 2011-07-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [64856 2011-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-07-04] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [600920 2011-07-04] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [288088 2011-07-04] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [45400 2011-07-04] (AVAST Software)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [113792 2009-06-22] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-02-04] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-04] (Qualcomm Atheros Co., Ltd.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1047144 2011-09-07] (Realtek Semiconductor Corporation )
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S2 SPDRIVER_1.36.1.172; .\JSDriver\1.36.1.172\jsdrv.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-07 21:44 - 2015-02-07 21:44 - 00001264 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk
2015-02-07 21:44 - 2015-02-07 21:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-06 14:22 - 2015-02-06 14:23 - 00000000 ____D () C:\Users\user\Downloads\Sonic Journeys - Rock Doc Collection
2015-02-06 14:17 - 2015-02-06 14:17 - 00000000 ____D () C:\Users\user\AppData\Roaming\EZDownloader
2015-02-06 14:07 - 2015-02-06 14:07 - 00000000 ____D () C:\Windows\SysWOW64\X86
2015-02-06 14:07 - 2015-02-06 14:07 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-02-06 14:07 - 2015-02-06 14:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-02-06 14:07 - 2015-02-06 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
2015-02-06 14:06 - 2015-02-07 14:59 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-02-06 14:06 - 2015-02-06 14:06 - 00000000 ____D () C:\Program Files (x86)\LighterEdit
2015-02-06 14:04 - 2015-02-06 14:04 - 00000000 ____D () C:\Program Files (x86)\uNisAaleus
2015-02-06 14:04 - 2015-02-06 14:04 - 00000000 ____D () C:\Program Files (x86)\Pink My Facebook
2015-02-06 14:03 - 2015-02-06 14:21 - 00000000 ____D () C:\ProgramData\{fde390e2-0b63-4adf-fde3-390e20b64388}
2015-02-06 14:03 - 2015-02-06 14:03 - 00000000 ____D () C:\ProgramData\odgpinfbhdmpmcldjpdlmcabapdebing
2015-02-06 13:58 - 2015-02-06 13:58 - 00000000 ____D () C:\ProgramData\niiagodioaabbflblagdiieffnnjplon
2015-02-06 13:58 - 2015-02-06 13:58 - 00000000 ____D () C:\ProgramData\14794052843789341492
2015-02-06 13:58 - 2015-02-06 13:58 - 00000000 ____D () C:\Program Files (x86)\Uniusalees
2015-02-06 13:57 - 2015-02-06 14:21 - 00000000 ____D () C:\ProgramData\{f801907e-2449-590d-f801-1907e24441f8}
2015-01-30 22:51 - 2015-02-08 22:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2015-01-30 22:51 - 2015-01-30 22:51 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-30 22:51 - 2015-01-30 22:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-30 22:51 - 2015-01-30 22:51 - 00000000 ____D () C:\Users\user\AppData\Local\Skype
2015-01-30 22:51 - 2015-01-30 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-30 22:50 - 2015-01-30 22:50 - 00000000 ____D () C:\ProgramData\Skype
2015-01-30 22:43 - 2015-01-30 22:43 - 00000000 ____D () C:\Users\user\AppData\Local\AskPartnerNetwork
2015-01-30 22:43 - 2015-01-30 22:43 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2015-01-30 22:41 - 2015-02-08 23:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2015-01-30 22:41 - 2015-01-30 22:41 - 00000792 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-30 22:41 - 2015-01-30 22:41 - 00000000 ____D () C:\Users\user\AppData\Roaming\OpenCandy
2015-01-30 22:41 - 2015-01-30 22:41 - 00000000 ____D () C:\ProgramData\APN
2015-01-29 18:57 - 2015-01-29 18:57 - 00001801 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-01-29 18:57 - 2015-01-29 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
2015-01-29 18:57 - 2011-07-04 19:36 - 00600920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-01-29 18:57 - 2011-07-04 19:36 - 00288088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-29 18:57 - 2011-07-04 19:35 - 00045400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-01-29 18:57 - 2011-07-04 19:32 - 00064856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-29 18:57 - 2011-07-04 19:32 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-01-29 18:57 - 2011-07-04 19:32 - 00022360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2015-01-29 18:56 - 2011-07-04 19:43 - 00199304 _____ (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2015-01-29 18:56 - 2011-07-04 19:43 - 00040112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-29 18:53 - 2015-01-29 18:58 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2015-01-28 08:37 - 2015-01-28 08:37 - 00000000 ____D () C:\ATI
2015-01-18 23:51 - 2015-01-18 23:51 - 00010456 _____ () C:\Users\user\Downloads\GARCIA-DARREN-ESTHER-O._PRELIM-IN-COMPUTER.xlsx
2015-01-18 14:20 - 2015-01-18 14:20 - 00032796 _____ () C:\Users\user\Downloads\cejApOEZ.jpeg
2015-01-15 20:03 - 2015-01-15 22:15 - 00000000 ____D () C:\Program Files (x86)\microvolts
2015-01-15 19:38 - 2015-02-07 15:58 - 00000000 ____D () C:\Program Files (x86)\SD EnterNET
2015-01-15 17:14 - 2015-01-15 19:26 - 1135046016 _____ (Acresso Software Inc. ) C:\Users\user\Downloads\navyfield2.exe
2015-01-14 21:19 - 2014-12-19 11:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 21:19 - 2014-12-19 09:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 21:19 - 2014-12-12 13:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 21:19 - 2014-12-12 13:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 21:19 - 2014-12-12 13:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 21:19 - 2014-12-12 13:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 21:19 - 2014-12-12 13:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 21:19 - 2014-12-12 13:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 21:19 - 2014-12-12 13:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 21:19 - 2014-12-12 01:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 21:19 - 2014-12-06 12:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 21:19 - 2014-12-06 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 21:19 - 2014-12-06 11:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 23:13 - 2014-09-26 09:23 - 00000000 ____D () C:\FRST
2015-02-08 23:09 - 2014-04-07 18:29 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000UA.job
2015-02-08 22:53 - 2009-07-14 12:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 22:53 - 2009-07-14 12:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 22:50 - 2014-04-07 12:46 - 01401792 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 22:48 - 2014-04-07 12:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 22:47 - 2014-10-06 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
2015-02-08 22:47 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-08 22:45 - 2014-04-07 22:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 22:45 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 22:45 - 2009-07-14 12:51 - 00104795 _____ () C:\Windows\setupact.log
2015-02-08 17:18 - 2014-04-07 22:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 22:09 - 2014-04-07 18:29 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000Core.job
2015-02-07 16:19 - 2014-04-07 12:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-07 15:50 - 2014-10-06 13:24 - 00000000 ____D () C:\Program Files (x86)\Desura
2015-02-06 12:17 - 2014-04-07 21:30 - 00000000 ____D () C:\Users\user\Desktop\WILFRED'S FOLDER
2015-02-06 10:52 - 2014-09-11 22:13 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-02-06 10:27 - 2009-07-14 13:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 10:11 - 2014-04-07 12:54 - 00002531 _____ () C:\Users\user\Desktop\Google Chrome.lnk
2015-02-05 22:12 - 2014-04-07 22:13 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 22:12 - 2014-04-07 22:13 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 22:04 - 2014-04-07 18:29 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000UA
2015-02-05 22:04 - 2014-04-07 18:29 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3376662306-939230167-2911087751-1000Core
2015-01-31 10:41 - 2010-11-21 11:47 - 00049272 _____ () C:\Windows\PFRO.log
2015-01-29 18:57 - 2014-04-07 22:13 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2015-01-29 18:56 - 2014-04-07 22:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-28 20:55 - 2014-06-10 21:35 - 00000000 ____D () C:\Users\user\Desktop\giselle
2015-01-22 19:55 - 2014-05-12 14:16 - 00000000 ____D () C:\Users\user\Desktop\MEME
2015-01-17 20:18 - 2014-04-07 18:08 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-17 15:19 - 2014-12-01 21:06 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2015-01-17 13:59 - 2009-07-14 13:08 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-16 23:04 - 2014-12-16 00:54 - 00000000 ____D () C:\Users\user\Desktop\newsongs
2015-01-15 19:44 - 2014-05-04 19:21 - 00044884 _____ () C:\Windows\DirectX.log
2015-01-14 21:49 - 2014-05-16 10:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:44 - 2014-05-16 10:54 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2014-07-26 04:29 - 2014-12-19 00:50 - 0045270 _____ () C:\Users\user\AppData\Roaming\room_v3.dat
2014-05-02 12:17 - 2014-10-25 20:35 - 0027136 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-18 11:50 - 2014-08-17 00:31 - 0007595 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2014-10-05 23:42 - 2014-10-06 00:09 - 0877747 ____N () C:\Users\user\AppData\Local\Tempmusic.ogg
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\679648f7.exe
C:\Users\user\AppData\Local\Temp\amt_webssearches.exe
C:\Users\user\AppData\Local\Temp\BackupSetup.exe
C:\Users\user\AppData\Local\Temp\bs.exe
C:\Users\user\AppData\Local\Temp\burnsetup.exe
C:\Users\user\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\user\AppData\Local\Temp\down.1728.ytab_setup.exe
C:\Users\user\AppData\Local\Temp\E206E.exe
C:\Users\user\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\user\AppData\Local\Temp\GUR7ABA.exe
C:\Users\user\AppData\Local\Temp\hdfgjd2.exe
C:\Users\user\AppData\Local\Temp\installer.exe
C:\Users\user\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\mgsqlite3.dll
C:\Users\user\AppData\Local\Temp\NeffySetup.exe
C:\Users\user\AppData\Local\Temp\OnlineBackup.exe
C:\Users\user\AppData\Local\Temp\patch_3050403.exe
C:\Users\user\AppData\Local\Temp\patch_3050501.exe
C:\Users\user\AppData\Local\Temp\PH_140805to140819.exe
C:\Users\user\AppData\Local\Temp\PH_140819to140903.exe
C:\Users\user\AppData\Local\Temp\PH_140903to140916.exe
C:\Users\user\AppData\Local\Temp\PH_140916to140930.exe
C:\Users\user\AppData\Local\Temp\PH_140930to141003.exe
C:\Users\user\AppData\Local\Temp\PH_141003to141014.exe
C:\Users\user\AppData\Local\Temp\PH_141014to141021.exe
C:\Users\user\AppData\Local\Temp\PH_141021to141111.exe
C:\Users\user\AppData\Local\Temp\PH_141111to141118.exe
C:\Users\user\AppData\Local\Temp\PH_141118to141119.exe
C:\Users\user\AppData\Local\Temp\PH_141119to141125.exe
C:\Users\user\AppData\Local\Temp\PH_141125to141215.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\ResetDevice.exe
C:\Users\user\AppData\Local\Temp\Runner2.exe
C:\Users\user\AppData\Local\Temp\Runner4.exe
C:\Users\user\AppData\Local\Temp\ShopperProJSFull.exe
C:\Users\user\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\user\AppData\Local\Temp\smarter.exe
C:\Users\user\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\user\AppData\Local\Temp\Tsu6BF0F28F.dll
C:\Users\user\AppData\Local\Temp\update_2_198.exe
C:\Users\user\AppData\Local\Temp\update_2_199.exe
C:\Users\user\AppData\Local\Temp\update_2_200.exe
C:\Users\user\AppData\Local\Temp\uttB2A4.tmp.exe
C:\Users\user\AppData\Local\Temp\uttCBC1.tmp.exe
C:\Users\user\AppData\Local\Temp\vcredist_x64.exe
C:\Users\user\AppData\Local\Temp\wpsetup.exe
C:\Users\user\AppData\Local\Temp\WSSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-06 22:03
==================== End Of Log ============================