Ran by user1 (administrator) on USER on 08-02-2015 23:35:07
Running from C:\Users\user1\Downloads
Loaded Profiles: user1 (Available profiles: user1)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
() C:\Users\user1\AppData\Local\Viber\Viber.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(PC Utilities Software Limited) C:\ProgramData\{89df1a11-d1d8-f4cc-89df-f1a11d1d6847}\OptimizerProInstaller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [gmsd_de_174] => [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\...\Run: [Facebook Update] => C:\Users\user1\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-28] (Facebook Inc.)
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\...\Run: [Viber] => C:\Users\user1\AppData\Local\Viber\Viber.exe [936656 2014-10-20] ()
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3289088 2007-11-21] (Google)
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\...\Run: [DellSystemDetect] => C:\Users\user1\AppData\Local\Apps\2.0\L7NJ2XQ3.CWX\1A3JKPWM.A1E\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-10-22] (Dell)
Startup: C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerProInstaller.lnk
ShortcutTarget: OptimizerProInstaller.lnk -> C:\ProgramData\{89df1a11-d1d8-f4cc-89df-f1a11d1d6847}\OptimizerProInstaller.exe (PC Utilities Software Limited)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpp ... 40A3442940
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type ... 3442940&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpp ... 40A3442940
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type ... 3442940&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type ... 3442940&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type ... 3442940&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type ... 3442940&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-961901972-2914913119-3437931070-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-961901972-2914913119-3437931070-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&c ... 78ACE9C&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-961901972-2914913119-3437931070-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_ ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-961901972-2914913119-3437931070-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_ ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-961901972-2914913119-3437931070-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type ... 3442940&q={searchTerms}
SearchScopes: HKU\S-1-5-21-961901972-2914913119-3437931070-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_ ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-961901972-2914913119-3437931070-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc ... 40A3442940
FireFox:
========
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-961901972-2914913119-3437931070-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\user1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-24]
FF HKU\S-1-5-21-961901972-2914913119-3437931070-1001\...\Firefox\Extensions: [speedtest211@BestOffers] - C:\Users\user1\AppData\Roaming\Mozilla\Extensions\speedtest211\speedtest211.xpi
FF Extension: Speed Test - C:\Users\user1\AppData\Roaming\Mozilla\Extensions\speedtest211\speedtest211.xpi [2014-09-07]
Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hpp ... 40A3442940
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-22]
CHR Extension: (YouTube) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22]
CHR Extension: (Google Search) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-22]
CHR Extension: (Google Wallet) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR Extension: (Gmail) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-24] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-15] (Intel Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 serverjo; C:\Users\user1\AppData\Roaming\VOPackage\JOSrv.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-24] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-24] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R1 {089299d4-0680-4375-a6a9-d9a7c9109a71}Gw64; C:\Windows\System32\drivers\{089299d4-0680-4375-a6a9-d9a7c9109a71}Gw64.sys [48792 2015-02-04] (StdLib)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 23:35 - 2015-02-08 23:35 - 00018116 _____ () C:\Users\user1\Downloads\FRST.txt
2015-02-08 23:33 - 2015-02-08 23:35 - 00000000 ____D () C:\FRST
2015-02-08 23:29 - 2015-02-08 23:30 - 02132992 _____ (Farbar) C:\Users\user1\Downloads\FRST64.exe
2015-02-08 16:33 - 2015-02-08 16:33 - 00000000 ___RD () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-06 16:33 - 2015-02-06 16:34 - 00000197 _____ () C:\Windows\system32\2015-02-06-15-33-08.070-AvastVBoxSVC.exe-2240.log
2015-02-06 09:21 - 2015-02-06 09:21 - 00001181 _____ () C:\Users\user1\Desktop\Google Talk.lnk
2015-02-06 09:21 - 2015-02-06 09:21 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
2015-02-06 09:20 - 2015-02-06 09:21 - 01342176 _____ () C:\Users\user1\Downloads\googletalk-setup-en-gb (1).exe
2015-02-06 09:09 - 2015-02-06 09:09 - 00503776 _____ ( ) C:\Users\user1\Downloads\setup (1).exe
2015-02-06 08:26 - 2015-02-06 08:27 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\user1\Downloads\SpyHunter-Installer (4).exe
2015-02-06 01:00 - 2015-02-06 01:00 - 00000197 _____ () C:\Windows\system32\2015-02-06-00-00-36.060-AvastVBoxSVC.exe-2372.log
2015-02-06 00:54 - 2015-02-06 00:56 - 00000197 _____ () C:\Windows\system32\2015-02-05-23-54-56.099-AvastVBoxSVC.exe-7124.log
2015-02-06 00:32 - 2015-02-06 00:32 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\user1\Downloads\SpyHunter-Installer (3).exe
2015-02-06 00:31 - 2015-02-06 00:31 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\user1\Downloads\SpyHunter-Installer (2).exe
2015-02-06 00:26 - 2015-02-06 00:26 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\user1\Downloads\SpyHunter-Installer (1).exe
2015-02-05 22:36 - 2015-02-05 22:36 - 00000000 _____ () C:\autoexec.bat
2015-02-05 22:34 - 2015-02-05 22:34 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\user1\Downloads\SpyHunter-Installer.exe
2015-02-05 13:21 - 2015-02-05 13:21 - 00000197 _____ () C:\Windows\system32\2015-02-05-12-21-08.016-AvastVBoxSVC.exe-2828.log
2015-02-05 10:22 - 2015-02-05 10:22 - 01342176 _____ () C:\Users\user1\Downloads\googletalk-setup-en-gb.exe
2015-02-05 07:19 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-02-05 07:19 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-02-05 07:08 - 2015-02-05 07:09 - 00000197 _____ () C:\Windows\system32\2015-02-05-06-08-02.056-AvastVBoxSVC.exe-2092.log
2015-02-05 00:59 - 2015-02-05 00:59 - 00003144 _____ () C:\Windows\System32\Tasks\{908AD6E3-7E56-4C5A-9CD9-CA611325C883}
2015-02-04 22:58 - 2015-02-04 22:58 - 00000247 _____ () C:\Windows\system32\2015-02-04-21-58-18.046-aswFe.exe-384.log
2015-02-04 22:58 - 2015-02-04 22:58 - 00000000 ____D () C:\ProgramData\6bb9509c0000640c
2015-02-04 22:48 - 2015-02-04 22:58 - 00000247 _____ () C:\Windows\system32\2015-02-04-21-48-44.052-aswFe.exe-4172.log
2015-02-04 22:48 - 2015-02-04 22:48 - 00000197 _____ () C:\Windows\system32\2015-02-04-21-48-41.015-AvastVBoxSVC.exe-4388.log
2015-02-04 22:39 - 2015-02-04 22:39 - 00000000 ____D () C:\Program Files (x86)\predm
2015-02-04 22:32 - 2015-02-04 22:34 - 00002212 _____ () C:\Users\user1\Desktop\chrome.lnk
2015-02-04 22:27 - 2015-02-04 22:27 - 00000000 ____D () C:\Users\user1\AppData\Roaming\K9AMW
2015-02-04 22:05 - 2015-02-04 22:05 - 00002267 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 21:58 - 2015-02-04 10:36 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{089299d4-0680-4375-a6a9-d9a7c9109a71}Gw64.sys
2015-02-04 19:37 - 2015-02-04 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk
2015-02-04 18:47 - 2015-02-04 18:48 - 00000197 _____ () C:\Windows\system32\2015-02-04-17-47-41.032-AvastVBoxSVC.exe-2324.log
2015-02-04 18:31 - 2015-02-04 18:33 - 00000165 _____ () C:\Windows\Reimage.ini
2015-02-04 17:24 - 2015-02-04 17:24 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-02-04 17:24 - 2015-02-04 17:24 - 00000000 ____D () C:\Program Files\MSBuild
2015-02-04 17:24 - 2015-02-04 17:24 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-02-04 17:24 - 2015-02-04 17:24 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-04 17:22 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2015-02-04 17:22 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-02-04 17:22 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2015-02-04 17:22 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-02-04 17:18 - 2015-02-06 00:28 - 00000000 ____D () C:\Users\user1\AppData\Roaming\omiga-plus
2015-02-04 17:18 - 2015-02-04 22:59 - 00000000 ____D () C:\Users\user1\AppData\Roaming\systweak
2015-02-04 17:18 - 2015-01-30 16:23 - 00017000 _____ () C:\Windows\system32\roboot64.exe
2015-02-04 17:01 - 2015-02-04 17:01 - 00000000 ____D () C:\Users\user1\Documents\Optimizer Pro
2015-02-04 16:58 - 2015-02-04 16:58 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-02-04 16:57 - 2015-02-04 17:19 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-02-04 16:57 - 2015-02-04 16:57 - 00003748 _____ () C:\Windows\System32\Tasks\PostPoneInstall
2015-02-04 16:57 - 2015-02-04 16:57 - 00003144 _____ () C:\Windows\System32\Tasks\Run_Bobby_Browser
2015-02-04 16:57 - 2015-02-04 16:57 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Opera Software
2015-02-04 16:57 - 2015-02-04 16:57 - 00000000 ____D () C:\Users\user1\AppData\Local\Opera Software
2015-02-04 16:56 - 2015-02-04 22:58 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.38
2015-02-04 16:56 - 2015-02-04 22:57 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-04 16:56 - 2015-02-04 22:32 - 00000000 ____D () C:\Users\user1\AppData\Local\BoBrowser
2015-02-04 16:56 - 2015-02-04 18:46 - 00000000 ____D () C:\ProgramData\{89df1a11-d1d8-f4cc-89df-f1a11d1d6847}
2015-02-04 16:56 - 2015-02-04 16:56 - 01343632 _____ () C:\Users\user1\Desktop\Google Talk.exe
2015-02-04 16:56 - 2015-02-04 16:56 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-31 23:51 - 2015-01-31 23:51 - 00000197 _____ () C:\Windows\system32\2015-01-31-22-51-19.037-AvastVBoxSVC.exe-2128.log
2015-01-31 22:06 - 2015-02-06 21:36 - 00003268 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-961901972-2914913119-3437931070-1001
2015-01-28 18:56 - 2015-01-28 18:56 - 00594992 _____ () C:\Users\user1\Downloads\setup.exe
2015-01-28 14:49 - 2015-01-28 14:50 - 00000197 _____ () C:\Windows\system32\2015-01-28-13-49-29.042-AvastVBoxSVC.exe-2508.log
2015-01-24 18:55 - 2015-01-24 18:55 - 00000197 _____ () C:\Windows\system32\2015-01-24-17-55-51.025-AvastVBoxSVC.exe-2512.log
2015-01-24 12:45 - 2015-01-24 12:46 - 00000197 _____ () C:\Windows\system32\2015-01-24-11-45-16.097-AvastVBoxSVC.exe-2368.log
2015-01-24 11:29 - 2015-01-24 11:29 - 00000247 _____ () C:\Windows\system32\2015-01-24-10-29-24.000-aswFe.exe-12708.log
2015-01-24 11:23 - 2015-01-24 11:29 - 00000247 _____ () C:\Windows\system32\2015-01-24-10-23-54.054-aswFe.exe-9468.log
2015-01-24 11:23 - 2015-01-24 11:23 - 00000197 _____ () C:\Windows\system32\2015-01-24-10-23-41.063-AvastVBoxSVC.exe-24404.log
2015-01-24 01:52 - 2015-01-24 17:58 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Dropbox
2015-01-24 01:44 - 2015-01-24 01:44 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-24 01:44 - 2015-01-24 01:44 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-24 01:42 - 2015-01-24 01:42 - 00000000 ____D () C:\Users\user1\AppData\Roaming\AVAST Software
2015-01-24 01:41 - 2015-01-24 18:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-24 01:41 - 2015-01-24 01:41 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-24 01:41 - 2015-01-24 01:41 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-24 01:41 - 2015-01-24 01:41 - 00001980 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-24 01:41 - 2015-01-24 01:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-24 01:41 - 2015-01-24 01:40 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-24 01:41 - 2015-01-24 01:40 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-24 01:41 - 2015-01-24 01:40 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-24 01:41 - 2015-01-24 01:40 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-24 01:41 - 2015-01-24 01:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-24 01:41 - 2015-01-24 01:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-24 01:41 - 2015-01-24 01:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-24 01:40 - 2015-01-24 01:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-24 01:39 - 2015-01-24 01:39 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-24 01:38 - 2015-01-24 01:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-24 01:38 - 2015-01-24 01:38 - 04864824 _____ (AVAST Software) C:\Users\user1\Downloads\avast_free_antivirus_setup_online.exe
2015-01-21 15:36 - 2015-01-30 22:36 - 00000000 ___RD () C:\Users\user1\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2015-01-15 10:08 - 2015-01-15 10:08 - 00000000 ____D () C:\Windows\SysWOW64\N360_BACKUP
2015-01-14 07:04 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:04 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:04 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 07:04 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:04 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 07:04 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 07:04 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 07:04 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 07:04 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 07:04 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 07:04 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 07:04 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 07:04 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 07:04 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:04 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 07:04 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 07:04 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 07:04 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 07:04 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 07:04 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 07:04 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 07:04 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 07:04 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 07:04 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 07:04 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 07:04 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 07:04 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 07:04 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 07:04 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 07:04 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 07:04 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 08:11 - 2015-01-12 08:11 - 00000000 ____D () C:\Windows\System32\Tasks\GenericSettingsHandler
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 23:34 - 2014-10-22 22:01 - 01646127 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 23:23 - 2014-10-27 20:10 - 00000000 ____D () C:\Users\user1\AppData\Local\CrashDumps
2015-02-08 23:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-08 22:49 - 2014-10-28 09:44 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-961901972-2914913119-3437931070-1001UA.job
2015-02-08 22:46 - 2014-10-22 15:36 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 22:44 - 2014-10-22 15:21 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DE857F89-DA74-450E-B349-171180D703A9}
2015-02-08 19:56 - 2014-12-14 22:14 - 00000000 ____D () C:\Users\user1\AppData\Roaming\ViberPC
2015-02-08 19:24 - 2013-08-22 15:46 - 00034024 _____ () C:\Windows\setupact.log
2015-02-08 16:33 - 2014-12-14 22:13 - 00000000 ____D () C:\Users\user1\AppData\Local\Viber
2015-02-08 16:33 - 2014-10-27 15:17 - 00000000 ___DO () C:\Users\user1\SkyDrive
2015-02-08 16:33 - 2014-10-22 15:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 10:49 - 2014-10-28 09:44 - 00000916 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-961901972-2914913119-3437931070-1001Core.job
2015-02-07 20:12 - 2014-10-22 15:18 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-961901972-2914913119-3437931070-1001
2015-02-07 19:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-06 16:30 - 2014-10-22 21:54 - 01411314 _____ () C:\Windows\PFRO.log
2015-02-06 16:30 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 14:58 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-06 10:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-06 09:21 - 2014-10-22 15:36 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-06 08:33 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-06 00:57 - 2014-10-22 15:08 - 00000000 ____D () C:\Users\user1
2015-02-06 00:34 - 2014-10-22 15:12 - 00001442 _____ () C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-04 21:58 - 2013-08-22 14:25 - 00000257 _____ () C:\Windows\win.ini
2015-02-04 19:37 - 2014-10-22 15:36 - 00000000 ____D () C:\Users\user1\AppData\Local\Google
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 18:53 - 2014-10-22 16:49 - 00000000 ____D () C:\ProgramData\Norton
2015-01-24 18:50 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-23 06:04 - 2014-10-22 15:05 - 00818732 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 05:57 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-21 22:13 - 2014-10-22 15:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-21 13:17 - 2014-10-22 15:59 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 21:52 - 2014-12-24 21:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-09 21:52 - 2014-12-24 20:09 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-09 21:52 - 2014-10-22 15:39 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Skype
2015-01-09 21:52 - 2014-10-22 15:39 - 00000000 ____D () C:\ProgramData\Skype
Some content of TEMP:
====================
C:\Users\user1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\Users\user1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppl5vns.dll
C:\Users\user1\AppData\Local\Temp\ICReinstall_KeyPlayr_Setup[1].exe
C:\Users\user1\AppData\Local\Temp\optprosetup.exe
C:\Users\user1\AppData\Local\Temp\ReimagePackage.exe
C:\Users\user1\AppData\Local\Temp\Uninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-07 20:12
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by user1 at 2015-02-08 23:36:14
Running from C:\Users\user1\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Dell System Detect (HKU\S-1-5-21-961901972-2914913119-3437931070-1001\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3977 - Intel Corporation)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Viber (HKU\S-1-5-21-961901972-2914913119-3437931070-1001\...\Viber) (Version: 4.4.0.134678 - Viber Media Inc)
Video Performer (HKU\S-1-5-21-961901972-2914913119-3437931070-1001\...\Video Performer) (Version: - PerformerSoft LLC) <==== ATTENTION
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION
Windows Driver Package - Dell Inc (DellRbtn) HIDClass (06/26/2013 1.4.1) (HKLM\...\F83757BC3DFF5684ED21F4FD63A2BBB0B9F79953) (Version: 06/26/2013 1.4.1 - Dell Inc)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-961901972-2914913119-3437931070-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
24-01-2015 01:39:21 avast! antivirus system restore point
28-01-2015 11:25:13 Windows Update
04-02-2015 17:19:28 Windows Modules Installer
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0F76B3B0-70E7-4139-8FDF-E69E0263E131} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-961901972-2914913119-3437931070-1001Core => C:\Users\user1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-28] (Facebook Inc.)
Task: {16CDDBF9-3C9C-4601-91CA-96D447C2D292} - System32\Tasks\PostPoneInstall => C:\Users\user1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe [2015-02-04] (C.L.A.R.A) <==== ATTENTION
Task: {1BC93283-56D1-4897-A58C-84F8B92E8B70} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-24] (AVAST Software)
Task: {2CCA6C30-C862-4958-9661-5C3BC9EC5B57} - System32\Tasks\avastBCLRestartS-1-5-21-961901972-2914913119-3437931070-1001 => Chrome.exe
Task: {59D36D4A-3B6A-4AA2-B34B-34CD4C6308A8} - System32\Tasks\PC Performer Scheduled Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {5B6A575F-AF00-4B55-A99B-355F9DBD5A3D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {79B4EAE7-97BD-4CBF-A9E0-DE456BF8F02F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-961901972-2914913119-3437931070-1001UA => C:\Users\user1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-28] (Facebook Inc.)
Task: {8B65A09F-E2F5-478D-A88D-3A08EEC928BD} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-961901972-2914913119-3437931070-1001
Task: {9CFCC867-6CE1-4B03-9B3C-F88489690D03} - System32\Tasks\Run_Bobby_Browser => C:\Users\user1\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {B76FE3D6-FD63-44AB-8D5E-1DDEE553D4D7} - System32\Tasks\PC Performer Logon Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {C63F3E81-E474-4040-BC0C-4905A3903671} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {E06F5835-CB10-4DB9-AAD1-21EC1BB02137} - System32\Tasks\{908AD6E3-7E56-4C5A-9CD9-CA611325C883} => pcalua.exe -a C:\Users\user1\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=key7 <==== ATTENTION
Task: {F24D81BD-2F07-4FDC-8E80-D54F50F73AF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-961901972-2914913119-3437931070-1001Core.job => C:\Users\user1\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-961901972-2914913119-3437931070-1001UA.job => C:\Users\user1\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-01-24 01:40 - 2015-01-24 01:40 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-24 01:40 - 2015-01-24 01:40 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-10-15 07:50 - 2014-10-15 07:50 - 00457616 _____ () C:\Windows\system32\igfxTray.exe
2014-01-08 09:00 - 2014-01-08 09:00 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-08 08:58 - 2014-01-08 08:58 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-12-14 22:14 - 2014-10-20 13:36 - 00936656 _____ () C:\Users\user1\AppData\Local\Viber\Viber.exe
2014-01-08 09:03 - 2014-01-08 09:03 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-02-06 00:51 - 2015-02-06 00:51 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020501\algo.dll
2015-01-24 01:40 - 2015-01-24 01:40 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-08 23:10 - 2015-02-08 23:10 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020801\algo.dll
2014-10-29 10:32 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-10-29 10:32 - 2012-05-25 03:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 49463296 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\libViber.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00770048 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\libGLESv2.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00106496 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\qfacebook.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00172032 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\exif.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00049152 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\libEGL.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00876544 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\platforms\qwindows.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00024576 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\imageformats\qgif.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00024576 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\imageformats\qico.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00204800 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\imageformats\qjpeg.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00221184 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\imageformats\qmng.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00016384 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\imageformats\qsvg.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00016384 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\imageformats\qtga.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00311296 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\imageformats\qtiff.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00016384 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\imageformats\qwbmp.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00638976 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\sqldrivers\qsqlite.dll
2015-02-04 06:09 - 2015-02-04 06:09 - 00032768 _____ () C:\Users\user1\AppData\Local\Viber\5.0.0.2821\iconengines\qsvgicon.dll
2015-01-24 01:40 - 2015-01-24 01:40 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-04 06:49 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-04 06:49 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-04 06:49 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-02-05 13:30 - 2015-02-03 12:22 - 14964912 _____ () C:\Users\user1\AppData\Local\Google\Chrome\User Data\PepperFlash\16.0.0.305\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\user1\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\user1\SkyDrive.old:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\Control Panel\Desktop\\Wallpaper ->
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-961901972-2914913119-3437931070-1001\...\StartupApproved\Run: => "Speech Recognition"
==================== Accounts: =============================
Administrator (S-1-5-21-961901972-2914913119-3437931070-500 - Administrator - Disabled)
Guest (S-1-5-21-961901972-2914913119-3437931070-501 - Limited - Disabled)
user1 (S-1-5-21-961901972-2914913119-3437931070-1001 - Administrator - Enabled) => C:\Users\user1
==================== Faulty Device Manager Devices =============
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/08/2015 11:23:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0x1b40
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (02/08/2015 10:43:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0x1aa4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (02/08/2015 10:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0x1f0c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (02/08/2015 09:52:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0x1a40
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (02/08/2015 08:47:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0xfa4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (02/08/2015 07:49:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0x1688
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (02/08/2015 07:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0xdb0
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (02/08/2015 06:49:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0x1038
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (02/08/2015 06:19:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0x1214
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (02/08/2015 05:49:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0xeb4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
System errors:
=============
Error: (02/08/2015 00:11:30 PM) (Source: DCOM) (EventID: 10010) (User: USER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (02/08/2015 00:11:30 PM) (Source: DCOM) (EventID: 10010) (User: USER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (02/08/2015 00:11:27 PM) (Source: DCOM) (EventID: 10010) (User: USER)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (02/06/2015 04:31:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
Error: (02/06/2015 04:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The JO Service component service failed to start due to the following error:
%%2
Error: (02/06/2015 02:58:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16389
Error: (02/06/2015 01:01:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
Error: (02/06/2015 00:58:37 AM) (Source: DCOM) (EventID: 10016) (User: USER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Useruser1S-1-5-21-961901972-2914913119-3437931070-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (02/06/2015 00:58:37 AM) (Source: DCOM) (EventID: 10016) (User: USER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Useruser1S-1-5-21-961901972-2914913119-3437931070-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (02/06/2015 00:58:37 AM) (Source: DCOM) (EventID: 10016) (User: USER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Useruser1S-1-5-21-961901972-2914913119-3437931070-1001LocalHost (Using LRPC)UnavailableUnavailable
Microsoft Office Sessions:
=========================
Error: (02/08/2015 11:23:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac1b4001d043eddec99ec2C:\Windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll1ec8ac28-afe1-11e4-829d-645a045d7ee1588E6FFA.CNNAppforWindows_1.2.0.0_neutral__cs8eyncph15zyApp
Error: (02/08/2015 10:43:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac1aa401d043e854a8343eC:\Windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll93910b2c-afdb-11e4-829d-645a045d7ee1588E6FFA.CNNAppforWindows_1.2.0.0_neutral__cs8eyncph15zyApp
Error: (02/08/2015 10:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac1f0c01d043e6dfaffe80C:\Windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll24f4246c-afda-11e4-829d-645a045d7ee1588E6FFA.CNNAppforWindows_1.2.0.0_neutral__cs8eyncph15zyApp
Error: (02/08/2015 09:52:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac1a4001d043e10cef75adC:\Windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll6139a0db-afd4-11e4-829d-645a045d7ee1588E6FFA.CNNAppforWindows_1.2.0.0_neutral__cs8eyncph15zyApp
Error: (02/08/2015 08:47:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547acfa401d043d80096e683C:\Windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll43785b5d-afcb-11e4-829d-645a045d7ee1588E6FFA.CNNAppforWindows_1.2.0.0_neutral__cs8eyncph15zyApp
Error: (02/08/2015 07:49:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac168801d043cfe9573f1fC:\Windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll27c0bcc8-afc3-11e4-829d-645a045d7ee1588E6FFA.CNNAppforWindows_1.2.0.0_neutral__cs8eyncph15zyApp
Error: (02/08/2015 07:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547acdb001d043cbb874a7ddC:\Windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dllf76101db-afbe-11e4-829d-645a045d7ee1588E6FFA.CNNAppforWindows_1.2.0.0_neutral__cs8eyncph15zyApp
Error: (02/08/2015 06:49:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac103801d043c7878f1250C:\Windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dllc612ac60-afba-11e4-829d-645a045d7ee1588E6FFA.CNNAppforWindows_1.2.0.0_neutral__cs8eyncph15zyApp
Error: (02/08/2015 06:19:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac121401d043c356ab59fcC:\Windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll9523ce7e-afb6-11e4-829d-645a045d7ee1588E6FFA.CNNAppforWindows_1.2.0.0_neutral__cs8eyncph15zyApp
Error: (02/08/2015 05:49:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547aceb401d043bf25ca7316C:\Windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll64368939-afb2-11e4-829d-645a045d7ee1588E6FFA.CNNAppforWindows_1.2.0.0_neutral__cs8eyncph15zyApp
CodeIntegrity Errors:
===================================
Date: 2015-02-04 22:33:14.862
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-04 22:33:14.620
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-04 22:33:11.036
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-04 22:33:10.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-04 22:31:31.116
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-04 22:31:30.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-04 22:29:04.547
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-04 22:29:04.276
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-04 22:29:00.893
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-04 22:29:00.397
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) 3558U @ 1.70GHz
Percentage of memory in use: 53%
Total physical RAM: 4000.19 MB
Available physical RAM: 1851.08 MB
Total Pagefile: 4704.19 MB
Available Pagefile: 2153.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.42 GB) (Free:436.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 465.8 GB) (Disk ID: 84E9A229)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
DESCRIPTION OF MY PROBLEM
My computer incidentally started running slowly after I was opening a site, and that site redirected me to several other sites which were strange to me, and I tried to close them, but those strange and irrelevant sites and pages continued coming up and could not be controlled. At last I found out that two stubborn programs known as "omigaplus" and webssearches uninstall "" have been installed in the control panel of my computer. And if I type any words to search any pages or web, my search words will be added with the following unknown words: "Uptrackid=sp-006' . Then it will redirect me to a wrong page which I didn't search for. And up till now the program known as " webssearches uninstall" is still present as an installed program in my control panel and all efforts I have made to remove it has not succeeded, though I can not see the " omigaplus" program again in my control panel. My computer still runs slowly.