
CPU usage not normal



So at first I thought it was just a normal CPU spike to 100% a few times, and after a few days it got worse. I checked it in Task Manager and Chrome was the culprit. And I tried a fresh new browser to test if Chrome got infected or something, and it has the same result, spiking around 50-100% (which is not normal). So I formatted my PC and started fresh; when I opened Chrome again it had the same result, and now it got worse, spiking when browsing, watching YouTube or playing a game. Any idea? I already checked for rootkits and bootkits and it's all clean, not to mention I just reinstalled my Windows and formatted everything else.


Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and, when prompted, allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes, select "Report"; the log will open. Close the program > Don't Fix anything!
Post back the report, which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Post those logs in your next reply.

Thanks,

Kevin.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2015

Ran by Autizboyz (administrator) on AUTIZBOYZ-PC on 13-02-2015 03:20:44

Running from C:\Users\Autizboyz\Downloads

Loaded Profiles: Autizboyz (Available profiles: Autizboyz)

Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\QQPCRTP.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe

(Glarysoft Ltd) C:\Program Files\Glary Utilities 3\CheckUpdate.exe

() C:\Program Files\Inventec\Dreye\X\DreyeMT\DreyeIMplugin.exe

() C:\Program Files\Inventec\Dreye\X\DreyeSync\DictQuerySync.exe

(Inventec) C:\Program Files\Inventec\Dreye\X\Peadict\DreyeStart.exe

(Kingsoft Corporation) C:\Program Files\Kingsoft\PowerWordDict\XDict.exe

(Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\QQPCTray.exe

(Glarysoft Ltd) C:\Program Files\Glary Utilities 3\Integrator.exe

(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Tencent) C:\Program Files\Common Files\Tencent\QQDownload\130\Tencentdl.exe

(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

(Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\plugins\QMNetMon\QQPCNetFlow.exe

(Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\QQPCRealTimeSpeedup.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(Tencent) C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\TAOFrame.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [ QQPCTray] => C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\QQPCTray.exe [355296 2014-12-26] (Tencent)

HKLM\...\Run: [iMDreyePlugin] => C:\Program Files\Inventec\Dreye\X\DreyeMT\DreyeIMplugin.exe [36864 2013-01-25] ()

HKLM\...\Run: [DictQuerySync] => C:\Program Files\Inventec\Dreye\X\DreyeSync\DictQuerySync.exe [110592 2014-01-16] ()

HKLM\...\Run: [DreyeStart] => C:\Program Files\Inventec\Dreye\X\Peadict\DreyeStart.exe [159744 2014-01-21] (Inventec)

HKU\S-1-5-21-1794873707-3065677229-3646463512-1000\...\Run: [XDict] => C:\Program Files\Kingsoft\PowerWordDict\xdict.exe [3250544 2015-01-16] (Kingsoft Corporation)

HKU\S-1-5-21-1794873707-3065677229-3646463512-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1380672 2015-01-23] (Lavasoft)

HKU\S-1-5-21-1794873707-3065677229-3646463512-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-08-24] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\QMGCShellExt.dll (Tencent)

ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [iDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)

BootExecute: autocheck autochk *  BootDefrag.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKU\S-1-5-21-1794873707-3065677229-3646463512-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

HKU\S-1-5-21-1794873707-3065677229-3646463512-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://plasa.msn.com/?rd=1&ucc=ID&dcc=ID&opt=0&ocid=iehp

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

BHO: Avira SearchFree Toolbar plus Web Protection -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)

BHO: 应用宝一键安装插件 -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll (腾讯公司)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - ?dE??iOe(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FASTAIT_PERSONAL\addins\IEBand.dll (Copyright © Kingsoft Corporation Limited. All rights reserved.)

Toolbar: HKLM - Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\X\DreyeMT\DreyeIEBar.dll ()

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 01 C:\Windows\system32\networkdlllsp.dll [421744] (Network Tunnel Lab)

Winsock: Catalog9 02 C:\Windows\system32\networkdlllsp.dll [421744] (Network Tunnel Lab)

Winsock: Catalog9 03 C:\Windows\system32\networkdlllsp.dll [421744] (Network Tunnel Lab)

Winsock: Catalog9 04 C:\Windows\system32\networkdlllsp.dll [421744] (Network Tunnel Lab)

Winsock: Catalog9 05 C:\Windows\system32\networkdlllsp.dll [421744] (Network Tunnel Lab)

Winsock: Catalog9 06 C:\Windows\system32\networkdlllsp.dll [421744] (Network Tunnel Lab)

Winsock: Catalog9 07 C:\Windows\system32\networkdlllsp.dll [421744] (Network Tunnel Lab)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{CDF7EF19-722E-4394-8775-E551E96DC68D}: [NameServer] 198.153.192.40,188.153.194.40

 

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @iciba.com/GrabWord -> C:\Program Files\Kingsoft\PowerWordDict\plugin\NPAPI\npGrabWord.dll (Kingsoft Corporation)

FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @qq.com/npAndroidAssistant -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll (腾讯公司)

FF Plugin: @qq.com/QQPCMgr -> C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\npQMExtensionsMozilla.dll (Tencent Technology (Shenzhen) Company Limited)

FF Plugin: @qq.com/TXSSO -> C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: DreyeFireFoxPlugin -> C:\Program Files\Inventec\Dreye\X\DreyeMT\Extension\npDreye.dll ()

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()

FF HKLM\...\Firefox\Extensions: [xdict@www.iciba.com] - C:\Program Files\Kingsoft\PowerWordDict\plugin\Firefox

FF Extension: 金山词霸鼠标取词 - C:\Program Files\Kingsoft\PowerWordDict\plugin\Firefox [2015-01-16]

FF HKU\S-1-5-21-1794873707-3065677229-3646463512-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Autizboyz\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\Autizboyz\AppData\Roaming\IDM\idmmzcc5 [2013-09-04]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> ""

CHR Profile: C:\Users\Autizboyz\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Autizboyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Autizboyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]

CHR Extension: (YouTube) - C:\Users\Autizboyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]

CHR Extension: (Kingsoft Powerword Grab Word) - C:\Users\Autizboyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cngicmmkocjjbmacacmchjhdimdhfgod [2015-01-17]

CHR Extension: (Google Search) - C:\Users\Autizboyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]

CHR Extension: (Video Downloader professional) - C:\Users\Autizboyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-02-12]

CHR Extension: (AdBlock) - C:\Users\Autizboyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-06]

CHR Extension: (FastestFox for Chrome) - C:\Users\Autizboyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-04-25]

CHR Extension: (Google Wallet) - C:\Users\Autizboyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]

CHR Extension: (电脑管家上网防护) - C:\Users\Autizboyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2014-12-29]

CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-07-27]

CHR HKLM\...\Chrome\Extension: [cngicmmkocjjbmacacmchjhdimdhfgod] - C:\Program Files\Kingsoft\PowerWordDict\plugin\Chrome\XDictExtension.crx [2015-01-16]

CHR HKLM\...\Chrome\Extension: [ooebklgpfnbcnpokahmdidgbmlcdepkm] - No Path

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-11-22] (SUPERAntiSpyware.com)

S4 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-29] (Avira Operations GmbH & Co. KG) [File not signed]

S4 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-29] (Avira Operations GmbH & Co. KG) [File not signed]

S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-29] (Avira Operations GmbH & Co. KG) [File not signed]

S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-27] (APN LLC.)

S4 BASSVC; C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\bassvc.exe [208928 2014-10-17] (Baidu, Inc.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-13] (NVIDIA Corporation)

R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2009-07-14] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-13] (NVIDIA Corporation)

R2 QQPCRTP; C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\QQPCRTP.exe [297608 2014-12-26] (Tencent) [File not signed]

R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)

R3 TAOFrame; C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\TAOFrame.exe [293728 2014-12-26] (Tencent) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

S2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-04] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-08-29] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2014-03-10] (DT Soft Ltd)

S3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)

S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)

R3 MQAC; C:\Windows\System32\drivers\mqac.sys [141824 2010-11-20] (Microsoft Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-13] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)

R3 ProcObsrv; C:\Program Files\Glary Utilities 3\ProcObsrv.sys [11552 2013-08-20] (Glarysoft Ltd)

R1 QMIEProtect; C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\QMIEProtect.sys [49080 2014-12-26] () [File not signed]

R1 QMUdisk; C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\QMUdisk.sys [58080 2015-01-05] (Tencent) [File not signed]

R2 QQSysMon; C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\QQSysMon.sys [108344 2014-12-26] (电脑管家) [File not signed]

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator.sys [77016 2014-12-26] (Tencent)

R2 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel.sys [92472 2014-12-26] (Tencent Technology(Shenzhen) Company Limited)

S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-04-26] (The OpenVPN Project)

S3 TesSafe; C:\Windows\system32\TesSafe.sys [834832 2015-01-17] (TENCENT)

R1 TFsFlt; C:\Windows\System32\Drivers\TFsFlt.sys [149944 2014-12-26] (电脑管家)

R3 TS888; C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\TS888.sys [30392 2015-02-12] (Tencent) [File not signed]

R1 TSCPM; C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\tscpm.sys [43448 2014-12-26] (电脑管家) [File not signed]

R1 TSDefenseBt; C:\Windows\System32\DRIVERS\TSDefenseBt.sys [175800 2015-01-07] (Tencent)

R0 TsFltMgr; C:\Windows\System32\drivers\TsFltMgr.sys [128120 2014-12-26] (电脑管家)

R1 TSKSP; C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\TSKsp.sys [203384 2014-12-26] (电脑管家) [File not signed]

R1 TSSysKit; C:\Program Files\腾讯游戏\QQPCMgr\10.5.15816.217\TSSysKit.sys [101560 2014-12-26] (电脑管家) [File not signed]

S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1896448 2012-05-16] (C-Media Electronics Inc)

U5 Bhbase; C:\Windows\System32\Drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)

S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]

S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]

S3 MSICDSetup; \??\D:\CDriver.sys [X]

S3 Synth3dVsc; No ImagePath

S3 taphss; system32\DRIVERS\taphss.sys [X]

S3 taphss6; system32\DRIVERS\taphss6.sys [X]

S3 tsusbhub; No ImagePath

S3 VGPU; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-13 03:21 - 2015-02-13 03:22 - 15431256 _____ () C:\Users\Autizboyz\Downloads\RogueKiller.exe

2015-02-13 03:20 - 2015-02-13 03:21 - 00021150 _____ () C:\Users\Autizboyz\Downloads\FRST.txt

2015-02-13 03:20 - 2015-02-13 03:20 - 01125376 _____ (Farbar) C:\Users\Autizboyz\Downloads\FRST.exe

2015-02-13 03:20 - 2015-02-13 03:20 - 00000000 ____D () C:\FRST

2015-02-12 22:07 - 2015-02-12 22:07 - 00030392 _____ (Tencent) C:\Windows\system32\Drivers\TS888.sys

2015-02-12 22:01 - 2015-02-12 22:01 - 00483809 _____ (Lars Hederer ) C:\Users\Autizboyz\Downloads\ntregopt-setup.exe

2015-02-12 20:34 - 2015-02-12 20:34 - 00000000 ____D () C:\ProgramData\TXQMPC

2015-02-12 08:31 - 2015-02-12 08:44 - 630315448 _____ () C:\Users\Autizboyz\Downloads\Stranded Teens  Kassondra Raine  Wixvi Free Porn HD - Watch Full HD Porn - HD Quality Videos.mp4

2015-02-12 07:59 - 2015-02-12 08:18 - 746384518 _____ () C:\Users\Autizboyz\Downloads\Stranded Teens Two Dicks for Stranded Teen Anina  Wixvi Free Porn HD - Watch Full HD Porn - HD Quality Videos.mp4

2015-02-11 17:27 - 2015-02-11 17:27 - 00000000 ____D () C:\Users\Autizboyz\Downloads\Compressed

2015-02-06 20:13 - 2015-02-06 20:13 - 00000000 ____D () C:\SUPERDelete

2015-02-04 17:42 - 2015-02-04 17:42 - 00000135 _____ () C:\prefs.js

2015-02-04 17:42 - 2015-02-04 17:42 - 00000000 ____D () C:\Users\Autizboyz\AppData\Local\Lavasoft

2015-02-04 17:42 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll

2015-02-04 17:41 - 2015-02-04 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

2015-02-04 17:41 - 2015-02-04 17:41 - 00000000 ____D () C:\Program Files\Lavasoft

2015-02-04 17:39 - 2015-02-04 17:39 - 00000000 ____D () C:\Users\Autizboyz\AppData\Roaming\Lavasoft

2015-02-04 17:39 - 2015-02-04 17:39 - 00000000 ____D () C:\ProgramData\Lavasoft

2015-02-04 17:38 - 2015-02-07 03:47 - 00000000 ____D () C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602

2015-02-04 17:38 - 2015-02-07 03:45 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602

2015-02-04 17:38 - 2015-02-04 17:38 - 00001047 _____ () C:\Users\Autizboyz\Desktop\Cheat Engine.lnk

2015-02-04 17:38 - 2015-02-04 17:38 - 00000000 ____D () C:\Users\Autizboyz\Documents\My Cheat Tables

2015-02-04 17:38 - 2015-02-04 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4

2015-02-04 17:38 - 2015-02-04 17:38 - 00000000 ____D () C:\Program Files\Cheat Engine 6.4

2015-02-04 17:35 - 2015-02-04 17:36 - 09052192 _____ (Cheat Engine ) C:\Users\Autizboyz\Downloads\CheatEngine64.exe

2015-02-03 11:53 - 2014-12-01 17:56 - 00000417 _____ () C:\Users\Autizboyz\Downloads\file_id.diz

2015-02-03 11:48 - 2014-12-01 13:00 - 00256000 _____ () C:\Users\Autizboyz\Downloads\iCareDataRecoveryTechnician.exe

2015-02-03 11:47 - 2015-02-03 11:47 - 01601998 _____ () C:\Users\Autizboyz\Downloads\9n4vz.iCare.Data.Recovery.Technician.6.0.0.1.rar

2015-02-03 11:04 - 2015-02-03 11:06 - 03355451 _____ () C:\Users\Autizboyz\Downloads\iCare Data Recovery Technician 6.0.0.1.rar

2015-02-03 09:55 - 2015-02-03 09:55 - 01352007 _____ (iCare Recovery ) C:\Users\Autizboyz\Downloads\icaredrs.exe

2015-02-03 09:04 - 2015-02-03 09:42 - 00000000 ____D () C:\Users\Autizboyz\Documents\Recovering

2015-01-28 15:22 - 2015-01-28 15:22 - 00000000 ____D () C:\Users\Autizboyz\Downloads\Tila Tequila - Back Doored And Squirting HD 720p

2015-01-27 10:19 - 2015-01-27 10:22 - 00000000 ____D () C:\Users\Autizboyz\Downloads\Tia - Ultra High Class Hooker

2015-01-27 10:17 - 2015-01-27 10:17 - 00016105 _____ () C:\Users\Autizboyz\Downloads\[kickass.al]snis.176.tia.jav.censored.torrent

2015-01-27 10:13 - 2015-01-27 10:13 - 00124363 _____ () C:\Users\Autizboyz\Downloads\[kickass.so]tia.ultra.high.class.hooker.torrent

2015-01-26 15:04 - 2015-01-26 15:14 - 00000000 ____D () C:\Users\Autizboyz\Downloads\Taimanin Asagi [1-4] [EngSub] [720p]

2015-01-22 13:35 - 2015-02-12 10:24 - 00000000 ____D () C:\Users\Autizboyz\Downloads\Video

2015-01-22 13:05 - 2015-01-22 13:24 - 395185152 ____R () C:\Users\Autizboyz\Downloads\[subDESU-H] Kanojo ga Mimai ni Konai Wake - 03 [8bit 852x480 x264 AC3] [0E99B09A].mp4

2015-01-22 13:04 - 2015-01-22 13:04 - 00015612 _____ () C:\Users\Autizboyz\Downloads\[subDESU-H] Kanojo ga Mimai ni Konai Wake - 03 [8bit 852x480 x264 AC3] [0E99B09A].mp4.torrent

2015-01-22 12:56 - 2015-01-22 13:07 - 168666257 _____ () C:\Users\Autizboyz\Downloads\[subDESU-H]_Kanojo_ga_Mimai_ni_Konai_Wake_-_02_(DVD_720x480_x264_10bit_AAC)_[814A9CF5].mkv

2015-01-22 12:54 - 2015-01-22 12:54 - 00013270 _____ () C:\Users\Autizboyz\Downloads\[subDESU-H]_Kanojo_ga_Mimai_ni_Konai_Wake_-_02_(DVD_720x480_x264_10bit_AAC)_[814A9CF5].mkv.torrent

2015-01-22 12:46 - 2015-01-22 12:55 - 303738719 ____R () C:\Users\Autizboyz\Downloads\[subDESU-H]_Kanojo_ga_Mimai_ni_Konai_Wake_-_01_(864x480_x264_AAC)_[66540C88].mkv

2015-01-22 12:45 - 2015-01-22 12:45 - 00023560 _____ () C:\Users\Autizboyz\Downloads\[subDESU-H]_Kanojo_ga_Mimai_ni_Konai_Wake_-_01_(864x480_x264_AAC)_[66540C88].mkv.torrent

2015-01-22 12:44 - 2015-01-24 13:33 - 00016006 _____ () C:\Users\Autizboyz\Documents\homework1.txt

2015-01-21 16:48 - 2015-01-21 16:48 - 00019839 _____ () C:\Users\Autizboyz\Downloads\54bf75ec8e586javjunkies.torrent

2015-01-21 16:47 - 2015-01-21 16:59 - 506317944 ____R () C:\Users\Autizboyz\Downloads\[140207][Milky]放課後 完全版 V2.mp4

2015-01-21 16:47 - 2015-01-21 16:47 - 00019839 _____ () C:\Users\Autizboyz\Downloads\54bf75a9679b8javjunkies.torrent

2015-01-21 16:24 - 2015-01-21 16:24 - 00012698 _____ () C:\Users\Autizboyz\Downloads\54bf70339e4e5javjunkies.torrent

2015-01-21 16:01 - 2015-01-21 16:01 - 00001072 _____ () C:\Users\Autizboyz\Documents\homework.txt

2015-01-21 12:16 - 2015-01-21 12:16 - 00007262 _____ () C:\Users\Autizboyz\Documents\done2.txt

2015-01-21 08:45 - 2015-01-21 08:45 - 00005222 _____ () C:\Users\Autizboyz\Documents\Done.txt

2015-01-19 16:46 - 2015-01-19 16:46 - 03184304 _____ () C:\Users\Autizboyz\Downloads\flash.rar

2015-01-18 08:20 - 2015-01-19 16:52 - 00004112 _____ () C:\Users\Autizboyz\Documents\Translate.txt

2015-01-18 01:00 - 2015-01-18 01:00 - 00000000 ____D () C:\Users\Autizboyz\AppData\Roaming\Inventec

2015-01-18 01:00 - 2015-01-18 01:00 - 00000000 ____D () C:\ProgramData\Inventec

2015-01-17 21:47 - 2015-01-17 22:38 - 1046093232 _____ () C:\Users\Autizboyz\Desktop\Archive.rar

2015-01-17 21:46 - 2014-05-30 03:50 - 00000000 ____D () C:\Users\Autizboyz\Documents\Mayuri ver 5.5

2015-01-17 21:44 - 2015-01-17 21:44 - 06739416 _____ () C:\Users\Autizboyz\Downloads\Mayuri ver 5.5.rar

2015-01-17 02:55 - 2015-01-24 13:30 - 00000000 ____D () C:\Users\Autizboyz\Downloads\flash

2015-01-17 02:46 - 2015-01-17 19:54 - 11593626 _____ () C:\Users\Autizboyz\Downloads\game.flm

2015-01-17 02:46 - 2015-01-17 18:03 - 11592998 _____ () C:\Users\Autizboyz\Downloads\game1.flm

2015-01-17 02:03 - 2015-01-17 02:23 - 11039231 _____ () C:\Users\Autizboyz\Downloads\game.txt

2015-01-17 01:37 - 2015-01-17 01:37 - 00000016 _____ () C:\Windows\system32\rdInfo199

2015-01-17 01:33 - 2013-08-02 08:42 - 03148856 _____ () C:\Windows\1366Dtop.bmp

2015-01-17 01:33 - 2012-08-21 09:22 - 02359352 _____ () C:\Windows\1024Dtop.bmp

2015-01-17 01:33 - 2012-08-21 09:21 - 03932216 _____ () C:\Windows\1280Dtop.bmp

2015-01-17 01:32 - 2015-01-17 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Dr.eye

2015-01-17 01:32 - 2015-01-17 01:32 - 00001716 _____ () C:\Users\Public\Desktop\Dr.eye.lnk

2015-01-17 01:32 - 2015-01-17 01:32 - 00000000 ____D () C:\Program Files\Inventec

2015-01-17 01:29 - 2014-04-21 12:05 - 00000000 ____D () C:\Users\Autizboyz\Downloads\Dr.eyeX

2015-01-17 00:44 - 2015-01-17 01:27 - 1327442204 _____ (Igor Pavlov) C:\Users\Autizboyz\Downloads\DreyeX.exe

2015-01-17 00:05 - 2015-01-18 01:01 - 00000000 ____D () C:\Users\Autizboyz\AppData\Roaming\Wandoujia2

2015-01-17 00:05 - 2015-01-17 00:05 - 00000000 ____D () C:\Users\Autizboyz\AppData\Roaming\kingsoft

2015-01-16 15:48 - 2015-01-16 15:48 - 00001136 _____ () C:\Users\Public\Desktop\金山词霸.lnk

2015-01-16 15:48 - 2015-01-16 15:48 - 00000226 _____ () C:\Users\Public\Desktop\爱词霸英语学习.url

2015-01-16 15:48 - 2015-01-16 15:48 - 00000000 ____D () C:\Users\Autizboyz\AppData\Roaming\Maxthon3

2015-01-16 15:48 - 2015-01-16 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\金山词霸

2015-01-16 15:47 - 2015-01-16 15:47 - 00002002 _____ () C:\Users\Public\Desktop\金山快译个人版1.0.lnk

2015-01-16 15:47 - 2015-01-16 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\金山快译个人版1.0

2015-01-16 15:45 - 2015-01-16 15:47 - 00000000 ____D () C:\Program Files\Kingsoft

2015-01-16 15:41 - 2015-01-16 15:44 - 73945224 _____ () C:\Users\Autizboyz\Downloads\FastAit_Setup.exe

2015-01-16 15:31 - 2015-01-17 15:59 - 00000000 ____D () C:\Users\Autizboyz\Downloads\Translation Aggregator 0.4.3_min

2015-01-16 15:30 - 2015-01-16 15:30 - 00286124 _____ () C:\Users\Autizboyz\Downloads\Translation Aggregator 0.4.3_min.zip

2015-01-16 15:28 - 2015-01-16 15:28 - 00029360 _____ () C:\Users\Autizboyz\Downloads\agth.rar

2015-01-16 13:53 - 2015-01-16 13:53 - 00000000 ____D () C:\Users\Autizboyz\AppData\Roaming\org.sakuradite.reader

2015-01-16 13:48 - 2015-01-16 13:52 - 00000000 ___RD () C:\Users\Autizboyz\Desktop\Visual Novel Reader

2015-01-16 13:46 - 2015-01-16 13:46 - 00000000 ____D () C:\Program Files\Program Files (x86)

2015-01-16 04:02 - 2015-01-16 04:02 - 00701489 _____ () C:\Users\Autizboyz\Downloads\game.$wf

2015-01-15 11:05 - 2015-01-15 11:06 - 30146890 _____ () C:\Users\Autizboyz\Downloads\mecab-jumandic-7.0-20130310.tar.gz

2015-01-15 11:03 - 2015-01-15 11:03 - 00308923 _____ () C:\Users\Autizboyz\Downloads\Source - Translation Aggregator 0.4.9.r171.rar

2015-01-15 10:50 - 2015-01-15 10:50 - 00001033 _____ () C:\Users\Autizboyz\Desktop\Notepad++.lnk

2015-01-15 10:50 - 2015-01-15 10:50 - 00000000 ____D () C:\Users\Autizboyz\AppData\Roaming\Notepad++

2015-01-15 10:50 - 2015-01-15 10:50 - 00000000 ____D () C:\Users\Autizboyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2015-01-15 10:50 - 2015-01-15 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

2015-01-15 10:50 - 2015-01-15 10:50 - 00000000 ____D () C:\Program Files\Notepad++

2015-01-15 10:49 - 2015-01-15 10:50 - 07965917 _____ () C:\Users\Autizboyz\Downloads\npp.6.7.4.Installer.exe

2015-01-15 10:45 - 2015-01-15 10:45 - 00000000 _____ () C:\Users\Autizboyz\game.flm

2015-01-15 10:41 - 2015-01-15 10:41 - 00000000 ____D () C:\Flasm

2015-01-15 10:31 - 2015-01-15 10:32 - 200581336 _____ () C:\Users\Autizboyz\Downloads\Caches.zip

2015-01-15 10:05 - 2015-01-15 10:05 - 00000000 _____ () C:\Users\Autizboyz\foo

2015-01-15 10:01 - 2015-01-15 10:19 - 00000000 _____ () C:\Users\Autizboyz\foo.flm

2015-01-15 09:49 - 2015-01-17 02:47 - 00000000 ____D () C:\Users\Autizboyz\Downloads\Flasm

2015-01-15 09:49 - 2015-01-15 09:49 - 00152920 _____ () C:\Users\Autizboyz\Downloads\flasm16win.zip

2015-01-15 08:43 - 2015-01-15 08:43 - 02984081 _____ () C:\Users\Autizboyz\Downloads\Mayuri (Eng) v.0.35.rar

2015-01-15 08:20 - 2015-01-15 08:20 - 05664460 _____ () C:\Users\Autizboyz\Downloads\Mayuri ver. 5.5.zip

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-13 03:17 - 2013-09-02 02:14 - 00000000 ____D () C:\Users\Autizboyz\AppData\Roaming\uTorrent

2015-02-13 03:11 - 2014-08-09 03:42 - 00000000 ____D () C:\Users\Autizboyz\AppData\Local\TSVNCache

2015-02-13 02:53 - 2014-12-11 10:18 - 00013111 _____ () C:\Windows\setupact.log

2015-02-12 22:20 - 2014-12-26 15:31 - 00002185 _____ () C:\Users\Public\Desktop\软件管理.lnk

2015-02-12 22:14 - 2009-07-14 11:34 - 00022688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-12 22:14 - 2009-07-14 11:34 - 00022688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-12 22:07 - 2013-08-24 19:29 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 3.job

2015-02-12 22:07 - 2013-08-24 19:29 - 00000000 ____D () C:\Program Files\Glary Utilities 3

2015-02-12 22:06 - 2014-12-11 15:12 - 00251450 _____ () C:\Windows\PFRO.log

2015-02-12 22:06 - 2013-08-23 17:33 - 00000000 ____D () C:\Users\Autizboyz

2015-02-12 22:06 - 2013-08-23 16:52 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-02-12 22:06 - 2009-07-14 11:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-12 22:05 - 2013-08-23 17:33 - 02883584 _____ () C:\Users\Autizboyz\ntuser.bak

2015-02-12 22:05 - 2009-07-14 09:03 - 40632320 _____ () C:\Windows\system32\config\software.bak

2015-02-12 22:05 - 2009-07-14 09:03 - 19398656 _____ () C:\Windows\system32\config\system.bak

2015-02-12 22:05 - 2009-07-14 09:03 - 00262144 _____ () C:\Windows\system32\config\default.bak

2015-02-12 22:05 - 2009-07-14 09:03 - 00032768 _____ () C:\Windows\system32\config\sam.bak

2015-02-12 22:05 - 2009-07-14 09:03 - 00024576 _____ () C:\Windows\system32\config\security.bak

2015-02-12 22:03 - 2013-08-23 17:12 - 00000982 _____ () C:\Users\Autizboyz\Desktop\NTREGOPT.lnk

2015-02-12 22:03 - 2013-08-23 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer

2015-02-12 22:03 - 2013-08-23 17:12 - 00000000 ____D () C:\Program Files\NT Registry Optimizer

2015-02-12 16:03 - 2013-09-04 02:28 - 00000000 ____D () C:\Users\Autizboyz\AppData\Roaming\DMCache

2015-02-12 10:24 - 2013-09-09 00:33 - 00000000 ____D () C:\Users\Autizboyz\AppData\Roaming\vlc

2015-02-07 03:54 - 2014-07-02 05:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-07 03:47 - 2013-09-03 03:30 - 00000000 ____D () C:\Users\Autizboyz\AppData\Roaming\DiskDefrag

2015-02-07 03:47 - 2009-07-14 14:49 - 00000000 ____D () C:\Windows\ShellNew

2015-02-03 11:13 - 2014-09-01 04:21 - 00000000 ____D () C:\Program Files\Recuva

2015-01-22 13:10 - 2014-04-25 02:02 - 00059152 _____ () C:\Users\Autizboyz\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-20 04:10 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Autizboyz\Downloads\Meh

2015-01-18 06:18 - 2015-01-13 23:22 - 00000000 ____D () C:\Users\Autizboyz\Downloads\mayuriver5_5

2015-01-18 00:59 - 2014-04-25 19:18 - 00270112 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-01-17 13:04 - 2014-12-11 15:13 - 00834832 _____ (TENCENT) C:\Windows\system32\TesSafe.sys

2015-01-17 10:48 - 2014-12-11 16:27 - 00000040 _____ () C:\ProgramData\DT0006.dat

2015-01-17 10:47 - 2014-12-11 16:58 - 00000040 _____ () C:\ProgramData\DT0001.dat

2015-01-17 01:32 - 2013-08-23 17:37 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2015-01-16 15:47 - 2015-01-05 09:22 - 00000000 ____D () C:\ProgramData\KingSoft

2015-01-16 01:34 - 2014-10-04 10:58 - 00000000 __SHD () C:\Users\Autizboyz\wc

2015-01-15 09:32 - 2013-08-23 17:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-14 22:23 - 2013-08-23 17:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-01-14 22:23 - 2013-08-23 17:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-01-14 21:57 - 2014-12-12 17:02 - 00641974 _____ () C:\Windows\WindowsUpdate.log

 

==================== Files in the root of some directories =======

 

2014-10-04 10:58 - 2014-10-04 10:58 - 0000038 ___SH () C:\Users\Autizboyz\AppData\Local\1754111884ee9ab5277ca00.95260103

2014-05-23 12:54 - 2014-12-14 06:59 - 0007668 _____ () C:\Users\Autizboyz\AppData\Local\Resmon.ResmonCfg

2014-06-28 02:29 - 2014-06-28 02:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2014-12-11 16:58 - 2015-01-17 10:47 - 0000040 _____ () C:\ProgramData\DT0001.dat

2014-12-11 16:27 - 2015-01-17 10:48 - 0000040 _____ () C:\ProgramData\DT0006.dat

 

Files to move or delete:

====================

C:\ProgramData\DT0001.dat

C:\ProgramData\DT0006.dat

C:\ProgramData\RegistryReviver.exe

 

 

Some content of TEMP:

====================

C:\Users\Autizboyz\AppData\Local\Temp\gusetup2.exe

C:\Users\Autizboyz\AppData\Local\Temp\gusetup3.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-13 00:38

 

==================== End Of Log ============================

 

 

 

RogueKiller is ongoing, hang on.

Addition.txt



127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
127.0.0.1 mirror3.internetdownloadmanager.com
127.0.0.1 star.tonec.com

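The hosts entries quoted above map a download manager vendor's licensing, download and update hostnames to 127.0.0.1. That is the shape of a hosts-file hijack: the names still exist in DNS, but this machine can no longer reach them, which is how licence checks get silenced and also how some malware blocks security vendors' update servers. The following is an added example, not code from the thread or from any tool mentioned in it: a small Python audit that parses hosts-file text, ignores the stock localhost lines, and reports every real hostname that has been sinkholed to a loopback or null address, grouped by domain. The sample hosts text is constructed from the entries quoted in the post plus stock Windows comment lines; in a real check you would read C:\Windows\System32\drivers\etc\hosts instead.

```python
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Names that legitimately resolve to a loopback address in a stock hosts file.
LEGITIMATE_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: stock Windows header comments plus the entries quoted in
# the thread. For a real audit read C:\Windows\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1 localhost
::1 localhost
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
127.0.0.1 mirror3.internetdownloadmanager.com
127.0.0.1 star.tonec.com
"""


@dataclass(frozen=True)
class HostsEntry:
    line_no: int
    address: str
    hostname: str


def parse_hosts(text: str) -> list[HostsEntry]:
    """Return every address/hostname pair in hosts-file text.

    Comments (# to end of line) and blank lines are skipped, and a line that
    maps several names to one address yields one entry per name.
    """
    entries: list[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address/hostname mapping; ignore the line
        for name in fields[1:]:
            entries.append(HostsEntry(line_no, fields[0], name.lower()))
    return entries


def sinkholed_names(text: str) -> list[HostsEntry]:
    """Entries that send a real hostname to a loopback or null (0.0.0.0) address.

    The stock localhost lines are excluded; everything else pointed at loopback
    is a name this machine has been deliberately cut off from.
    """
    flagged: list[HostsEntry] = []
    for entry in parse_hosts(text):
        addr = ipaddress.ip_address(entry.address)
        if (addr.is_loopback or addr.is_unspecified) and entry.hostname not in LEGITIMATE_LOOPBACK_NAMES:
            flagged.append(entry)
    return flagged


def sinkholed_by_domain(text: str) -> dict[str, list[str]]:
    """Group flagged hostnames by their last two DNS labels.

    This is a simplification (it does not understand public suffixes such as
    co.uk), but it collapses a dozen lines into the handful of organisations
    actually being blocked, which is what a triage reader wants to see.
    """
    grouped: dict[str, list[str]] = defaultdict(list)
    for entry in sinkholed_names(text):
        domain = ".".join(entry.hostname.split(".")[-2:])
        grouped[domain].append(entry.hostname)
    return dict(grouped)


if __name__ == "__main__":
    for domain, names in sorted(sinkholed_by_domain(SAMPLE_HOSTS).items()):
        print(f"{domain}: {len(names)} hostname(s) sinkholed")
        for name in names:
            print(f"    {name}")
```

Run against the sample it reports three domains (internetdownloadmanager.com with six names, registeridm.com and tonec.com with three each) and nothing for the two localhost lines. Any hit on a vendor you did not knowingly block, and in particular any hit on an antivirus or operating-system update domain, is worth the follow-up question the helper asked here.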

The program I asked about is listed as a security program, anti-virus and anti-spyware.

 

I suppose you will have read the warning I listed in my opening reply? Would you like to explain the hack listed in the Hosts file?

 

 

About that, it's an anti-virus my friend gave me. Before, I was using Avira, then I started changing to this anti-virus since it's doing its job. I don't know if it's a trusted anti-virus, but my friend said it is in China. Yes, about the piracy thing, I didn't know IDM is one of them; I thought it's only for torrent stuff. I'm not that good on PC so I didn't really know IDM is one of them. Sorry about that.


If you do not use Avira, best to uninstall it via Programs and Features; uninstall the following:

 

Avira Free Antivirus
Avira SearchFree Toolbar

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your Scan log; the date when run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste", and the log is pasted (copied) into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

 

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

 

Next,

 

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Next,

 

Scan with ESET Online Scanner

 

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit the ESET Online Scanner website.

Click Run ESET Online Scanner there.

 

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

 

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe from the link you'll be given.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

 

To perform the scan:

  • Make sure that Remove found threats is unchecked.
  • Make sure that Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under "Enable Anti-Stealth technology" select "Change" and select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

 

Please include this logfile in your next reply.

 

Don't forget to re-enable protection software!

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns..

 

Thanks,

 

Kevin..

 

 

 

 

 

Fixlist.txt


Do you infer all browsers cause CPU spikes? Use the instructions from the previous link and put the system back in Normal mode. Continue as follows when complete:

 

Scan with ZOEK

 

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.


Right-click on the ZOEK icon and select Run as Administrator to start the tool.
Wait patiently until the main console appears; it may take a minute or two.
In the main box please paste in the following script:

 

services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deleteiedefaults;firefoxlook;chromelook;FFdefaults;CHRdefaults;

 

 


Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

 

Please include its content in your next reply. Don't forget to re-enable security software!

 

Let me see that log, also does this make any difference to spike issue...

 

Thanks,

 

Kevin.


Tencent and 电脑管家上网防护 are part of my anti-virus software, kind of like website protection. I didn't want to be disrespectful or anything, but this anti-virus isn't the cause of my CPU spiking (because I was already having CPU spiking before I used this anti-virus). Well, I didn't really know much about viruses or malware, but at least it makes sense.


No disrespect taken, I've never come across those programs before. Also, the Zoek log does show Avira running. If Tencent and 电脑管家上网防护 are also running, this will cause major problems for your system; that may be the fault we are looking for....

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgnt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
