Inactive-A Bad image error

yeehow

Please, would someone help me?
Windows XP, but I get a bad image error on all startup apps, and when I try to start any program, even the Chrome browser. It makes me scared. Please, I need advice.
 
Welcome aboard

Please complete all the steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2015
Ran by yeehow (2015-08-21 11:11:18)
Running from C:\Documents and Settings\yeehow\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1708537768-484763869-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1708537768-484763869-1801674531-1014 - Limited - Enabled)
Guest (S-1-5-21-1708537768-484763869-1801674531-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-1708537768-484763869-1801674531-1000 - Limited - Disabled)
mayliew (S-1-5-21-1708537768-484763869-1801674531-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\mayliew
SUPPORT_388945a0 (S-1-5-21-1708537768-484763869-1801674531-1002 - Limited - Disabled)
yee how (S-1-5-21-1708537768-484763869-1801674531-1017 - Administrator - Enabled)
yeehow (S-1-5-21-1708537768-484763869-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\yeehow
yeejin (S-1-5-21-1708537768-484763869-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\yeejin
yeezhian (S-1-5-21-1708537768-484763869-1801674531-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\yeezhian

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoHotkey 1.0.48.05 (HKLM\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bandicam (HKLM\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version: - Bandisoft.com)
BasicFix (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}) (Version: - OctetIntern) <==== ATTENTION
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version: - ) <==== ATTENTION
Canon MP Navigator EX 1.2 (HKLM\...\MP Navigator EX 1.2) (Version: - )
Canon MP190 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Claro LTD toolbar on IE (HKLM\...\claro) (Version: - Claro LTD) <==== ATTENTION
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DefaultTab Chrome (HKLM\...\DefaultTab Chrome) (Version: 1.1.25 - ) <==== ATTENTION
D-Link DFE-520TX (HKLM\...\InstallShield_{9629C9A1-74F7-4DD0-B99B-9066925E63F8}) (Version: - D-Link)
D-Link DFE-520TX (Version: - D-Link) Hidden
D-Link PCI Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_D-Link) (Version: - )
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Driver Whiz (HKLM\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz)
DVD Software (HKLM\...\{609ca3ef-4c43-4af2-b271-da7b670b0634}_is1) (Version: - )
Easy Phone Sync (HKLM\...\{02007371-F011-4016-A664-ED99890331AB}) (Version: 63 - Media Mushroom Limited)
Free Audio CD Burner version 2.0.23.430 (HKLM\...\Free Audio CD Burner_is1) (Version: 2.0.23.430 - DVDVideoSoft Ltd.)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version: - )
Free Zip 9.20 (HKLM\...\7-Zip) (Version: - Somoto Ltd) <==== ATTENTION
Garena - League of Legends (HKLM\...\LoL) (Version: - Garena Online Pte Ltd.)
Garena (HKLM\...\Garena) (Version: 3.2 - Garena Interactive Pte Ltd.)
Garena+ (HKLM\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20110512 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Harmony EFX RTAS (HKLM\...\{C5DB14FA-75CE-48FB-A497-AFBE58F3FE93}) (Version: 1.0.2 - Antares Audio Technologies)
InfraRecorder (HKLM\...\InfraRecorder) (Version: - Christian Kindahl)
Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.13 - PACE Anti-Piracy)
InterVideo DeviceService (HKLM\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
iPod for Windows 2005-03-23 (HKLM\...\InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}) (Version: 3.8.0 - Apple Computer, Inc.)
iPod for Windows 2005-03-23 (Version: 3.8.0 - Apple Computer, Inc.) Hidden
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
League of Legends (Version: 1.3 - Riot Games) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
Microsoft Office Accounting 2009 (HKLM\...\Microsoft Office Accounting 2009) (Version: 4.0.3610.0 - Microsoft Corporation)
Microsoft Office Accounting 2009 Equifax Addin (HKLM\...\{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}) (Version: 4.0.1930.0 - Microsoft Corporation)
Microsoft Office Accounting 2009 Fixed Asset Manager (HKLM\...\{53276F5A-85AB-4BEF-BAA2-2490975DC006}) (Version: 4.0.1930.0 - Microsoft Corporation)
Microsoft Office Accounting 2009 PayPal Addin (HKLM\...\{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}) (Version: 4.0.1930.0 - Microsoft Corporation)
Microsoft Office Accounting 2009 Tax Integration Add-in (HKLM\...\{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}) (Version: 4.0.1930.0 - Microsoft Corporation)
Microsoft Office Accounting ADP Payroll Addin (HKLM\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version: - )
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
MotionDV STUDIO 5.3E LE for DV (HKLM\...\{43F8F1E5-C740-4293-A309-EA9DD6474DB1}) (Version: - )
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MPEG4 Player 1.0 (HKLM\...\MPEG4 Player_is1) (Version: - spgsoft.com)
MSN Toolbar Platform (Version: 4.0.0379.0 - Microsoft Corporation) Hidden
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
MYOB Payroll Tax Forms (HKLM\...\InstallShield_{DF2D5BCE-AEC0-49F1-B0F8-80E0F603F024}) (Version: 5.5.14 - MYOB)
MYOB Payroll Tax Forms (Version: 5.5.14 - MYOB) Hidden
MYOB Premier Accounting 2006 (v15) (HKLM\...\InstallShield_{7CBEA175-8D35-4343-8A47-DBF36F86C033}) (Version: 2006 - MYOB US Inc.)
MYOB Premier Accounting 2006 (v15) (Version: 2006 - MYOB US Inc.) Hidden
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version: - )
Nokia Connectivity Cable Driver (HKLM\...\{C50EF365-2898-489A-B6C7-30DAA466E9A2}) (Version: 7.1.23.0 - Nokia)
Nokia Software Updater (HKLM\...\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}) (Version: 01.08.010.40008 - Nokia Corporation)
Norton Identity Safe (HKLM\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
nullDC 1.0.0 Public Beta 1 Setup (HKLM\...\{C3FDA1E4-1E17-48D8-B4F0-C141E9FFB4BA}) (Version: 1.0.0 - nullDC)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.11.45 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.6 - Pando Networks Inc.)
PC Connectivity Solution (HKLM\...\{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}) (Version: 9.44.0.3 - Nokia)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Primavera 6.0 (HKLM\...\InstallShield_{983F7138-0BB4-418B-973B-84EE71001422}) (Version: 6.0.0 - Primavera Systems Inc)
Primavera 6.0 (Version: 6.0.0 - Primavera Systems Inc) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5449 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rich Media Player (HKLM\...\Rich Media Player) (Version: 1.0.0.756 - Radiocom) <==== ATTENTION
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
UBS Accounting System 9.0 (HKLM\...\{6AB67A69-A5D1-11D6-9632-444553540000}) (Version: 1.00.0000 - UBS Corporation Berhad)
Unity Web Player (HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Universal Adb Driver (HKLM\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Outlook 2007 Junk Email Filter (KB2508979) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{D2137BBA-250B-4548-BC1C-19E5009893D7}) (Version: - Microsoft)
USB Video Device (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.48205.104 - Sonix)
Video Power (HKLM\...\{17DB3734-EAB4-4717-954B-C860EE162FBA}) (Version: 1.0.24 - Video Power)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD SmartWare (HKLM\...\{CD0DC280-2489-4464-A2FC-16104676394A}) (Version: 1.1.1.6 - Western Digital)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (HKLM\...\53F13DB4D9611FD63BE580F06F0729BF236ABE68) (Version: 05/27/2006 1.3.2.0 - Advanced Micro Devices)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4) (HKLM\...\8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA) (Version: 06/01/2009 7.01.0.4 - Nokia)
Windows Driver Package - Nokia Modem (10/05/2009 4.2) (HKLM\...\05B59228C7E1C21DFBE89260F879BD95880548D8) (Version: 10/05/2009 4.2 - Nokia)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
ZyDAS IEEE 802.11 b+g Wireless LAN - USB (HKLM\...\{581CE7EA-A30D-0000-1211-088635773309}) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\yeehow\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Documents and Settings\yeehow\Local Settings\Temp\7D26f33711\temp\Beeol.blogspot.com_HackPremium_Bee_Online.rar.exe ()

==================== Restore Points =========================

16-07-2015 14:03:14 Software Distribution Service 3.0
21-07-2015 10:25:49 Software Distribution Service 3.0
21-07-2015 14:03:43 Software Distribution Service 3.0
23-07-2015 10:38:12 Software Distribution Service 3.0
24-07-2015 10:29:49 Software Distribution Service 3.0
28-07-2015 10:18:03 Software Distribution Service 3.0
29-07-2015 10:25:52 Software Distribution Service 3.0
30-07-2015 09:21:22 Software Distribution Service 3.0
31-07-2015 08:55:39 Software Distribution Service 3.0
02-08-2015 08:01:12 Software Distribution Service 3.0
02-08-2015 08:20:05 Software Distribution Service 3.0
02-08-2015 12:53:50 Software Distribution Service 3.0
05-08-2015 10:30:41 Software Distribution Service 3.0
06-08-2015 10:41:49 Software Distribution Service 3.0
07-08-2015 14:31:42 Software Distribution Service 3.0
10-08-2015 11:34:19 Software Distribution Service 3.0
11-08-2015 10:47:18 Software Distribution Service 3.0
12-08-2015 10:38:41 Software Distribution Service 3.0
13-08-2015 09:59:05 Software Distribution Service 3.0
17-08-2015 19:47:44 Software Distribution Service 3.0
18-08-2015 19:13:56 Software Distribution Service 3.0
19-08-2015 10:48:10 Software Distribution Service 3.0
20-08-2015 00:04:27 Software Distribution Service 3.0
21-08-2015 00:02:13 Software Distribution Service 3.0
21-08-2015 00:25:31 JRT Pre-Junkware Removal
21-08-2015 11:04:52 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 20:00 - 2001-08-23 20:00 - 00000734 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-1-6.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-1-6.exe <==== ATTENTION
Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-1-7.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-1-7.exe <==== ATTENTION
Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-10_user.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-10.exe <==== ATTENTION
Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-3.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-3.exe <==== ATTENTION
Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-4.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-4.exe <==== ATTENTION
Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-5.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-5.exe <==== ATTENTION
Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-6.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-6.exe <==== ATTENTION
Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-7.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-7.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\windows\Tasks\Driver Whiz-RTMRules.job => C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe
Task: C:\windows\Tasks\Driver Whiz-RTMScan.job => C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe
Task: C:\windows\Tasks\Driver Whiz-RTMUpdater.job => C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe
Task: C:\windows\Tasks\FileCure Startup.job => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: C:\windows\Tasks\FileCure.job => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cffe648a1ba1a8.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0025c9d2c9b9c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d09440280790bf.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d09c1ba6deafaa.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0bf757a0293d4.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\ReclaimerResumeInstall_yeehow.job => C:\Documents and Settings\yeehow\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\windows\Tasks\ReclaimerResumeInstall_yeezhian.job => C:\Documents and Settings\yeezhian\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

==================== Loaded Modules (Whitelisted) ==============

2008-04-14 11:41 - 2008-04-14 11:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 11:42 - 2008-04-14 11:42 - 00014336 _____ () C:\windows\system32\msdmo.dll
2008-04-14 11:42 - 2008-04-14 11:42 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll
2008-04-14 11:42 - 2011-11-03 23:28 - 00386048 _____ () C:\WINDOWS\system32\qdvd.dll
2008-04-14 11:42 - 2013-01-02 14:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2006-10-31 14:35 - 2006-10-31 14:35 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2013-03-12 16:27 - 2013-03-12 16:27 - 00120600 _____ () C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00073664 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\InputHook.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 02457024 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\Overlay.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00070080 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\PluginKernel.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00111040 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\CommonLib.dll
2015-07-24 12:52 - 2015-07-15 03:06 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2014-05-23 13:46 - 2005-08-02 11:59 - 00471040 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
2014-05-23 13:46 - 2005-07-20 10:11 - 00208896 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\dot1x_dll.dll
2014-05-23 13:46 - 2004-03-05 15:00 - 00155648 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\SSLEAY32.dll
2014-05-23 13:46 - 2004-03-05 15:00 - 00827392 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\LIBEAY32.dll
2014-05-23 13:46 - 2005-08-02 11:59 - 00045056 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWLAN.dll
2008-04-14 11:42 - 2013-01-02 14:49 - 01292288 _____ () C:\windows\system32\quartz.dll
2015-08-16 16:06 - 2015-08-16 16:06 - 00379392 _____ () C:\Program Files\igfx32\igfx32.exe
2015-08-19 21:45 - 2015-08-19 21:44 - 00053760 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe
2015-07-14 18:25 - 2015-08-06 19:30 - 10014656 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\GarenaMessenger.exe
2015-07-14 18:26 - 2015-07-14 18:26 - 00111552 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\CommonLib.dll
2015-07-14 18:26 - 2015-08-01 17:07 - 01089472 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\ggspawn.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00040384 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\DibModule.dll
2015-07-14 18:26 - 2015-08-20 18:17 - 00040896 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\VersionModule.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00058304 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\FileLoader.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00094144 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\PluginKernel.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00494016 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\CxImage.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00032192 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\PluginModule.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00177600 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\fs\YYFileSystem.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00380864 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\Http.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00191424 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lame_enc.DLL
2015-07-14 18:26 - 2015-07-14 18:26 - 00226752 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\TaskManagerLib.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00113088 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\UILayout.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00965056 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\XLL.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00061888 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\sqlite3.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00231360 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\StatsPlugin.dll
2015-07-14 18:26 - 2015-08-06 19:31 - 01507264 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\ggplugin.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00199616 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\ImageModule.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00162240 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\libmpg123.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 02948032 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\ggdownloader.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00072640 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\AudioMixerLib.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00023488 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\ClientTcp.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 01552320 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\libzmq.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00963008 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\GaFileTransfer.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00251840 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\MediaEngine.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00033216 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\ServerMemAlloc.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00523712 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\RSALib.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00075200 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\UdtLib.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00154048 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\xIM.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00596928 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\xim\plugin_msn.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00467392 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\xim\plugin_xmpp.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00201664 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\xim\plugin_yahoo.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00107968 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\PlatformPlugin.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00243648 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\PluginNews.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00404416 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\GarenaTalkPlugin.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00293824 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\DailyTaskPlugin.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00223168 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\GameSalePlugin.dll
2015-07-14 18:26 - 2015-07-14 18:26 - 00056256 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\ggdllhost.exe
2015-07-07 19:40 - 2015-08-18 18:29 - 06793664 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\BBtalk.exe
2015-07-07 19:41 - 2015-07-07 19:41 - 00039872 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\DibModule.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00389056 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\ImageModule.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00824256 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\gagmhook.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00048064 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lollauncher.dll
2015-07-07 19:41 - 2015-08-20 17:55 - 00029632 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\VersionModule.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00454960 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\sqlite3.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00115648 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\AudioMixerLib.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00036800 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00431552 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\exchndl.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00083904 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\FileManager.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00059840 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\FileSystem.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00380864 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\Http.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00053696 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\InputHookLib.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00048576 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\IPCLib.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00062400 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\LangLib.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00096704 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\audiohost.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00141760 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\MessagePumpLib.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00037312 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\MP3Saver.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00245184 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\libmp3lame.DLL
2015-07-07 19:41 - 2015-07-07 19:41 - 01054656 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00062912 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\ResLib.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00105920 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\PngModule.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00134592 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\TcpClient.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00144320 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\UdpClient.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00117696 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\UILayout.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00872896 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\UILib.dll
2015-07-07 19:41 - 2015-07-07 19:41 - 00062400 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\XmlUIModule.dll
2015-08-17 20:39 - 2015-08-08 08:13 - 16393032 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll
2015-07-22 07:17 - 2015-07-22 07:17 - 00954368 _____ () C:\Program Files\GarenaLoL\GameData\Apps\LoL\launcher.lib.dll
2015-07-22 07:17 - 2015-07-22 07:17 - 00053248 _____ () C:\Program Files\GarenaLoL\GameData\Apps\LoL\launcher.lang-en.dll
2015-07-22 07:17 - 2015-07-22 07:17 - 00074752 _____ () C:\Program Files\GarenaLoL\GameData\Apps\LoL\Air\LOLClient.exe
2015-07-22 07:17 - 2015-07-22 07:17 - 04774248 _____ () C:\Program Files\GarenaLoL\GameData\Apps\LoL\Air\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2015-02-16 20:31 - 2014-02-10 12:44 - 04592128 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-02-16 20:31 - 2014-02-10 12:44 - 00112128 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7B471B25
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
 
==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\WINDOWS\pss\WDDMStatus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\WINDOWS\pss\WDSmartWare.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk => C:\WINDOWS\pss\ZDWLan Utility.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: AVG9_TRAY => C:\PROGRA~1\AVG\AVG9\avgtray.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DriverCD => E:\Run.exe
MSCONFIG\startupreg: DriverScanner => "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe
MSCONFIG\startupreg: Free PDF Print Dispatcher => C:\Program Files\pdfconverter.com\FreePDF Creator\itFPCPrnDisp.exe
MSCONFIG\startupreg: IMJPMIG8.1 => "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSCONFIG\startupreg: Intuit SyncManager => c:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: mspaint => "C:\WINDOWS\system32\Paint.exe" -autocheck
MSCONFIG\startupreg: MSPY2002 => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSCONFIG\startupreg: PHIME2002ASync => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
MSCONFIG\startupreg: ROC_roc_dec12 => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SkyTel => SkyTel.EXE
MSCONFIG\startupreg: snp2uvc => C:\WINDOWS\vsnp2uvc.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: tsnp2uvc => C:\WINDOWS\tsnp2uvc.exe
MSCONFIG\startupreg: UVS11 Preload => D:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
DomainProfile\AuthorizedApplications: [C:\Program Files\Pando Networks\Media Booster\PMB.exe] => Enabled:pando Media Booster
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena\Garena.exe] => Enabled:Garena
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\yeezhian\My Documents\My Music\Garena\Garena.exe] => Enabled:Garena
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Pando Networks\Media Booster\PMB.exe] => Enabled:pando Media Booster
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\Room\garena_room.exe] => Enabled:Garena
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [D:\steam\Steam.exe] => Enabled:Steam
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\mayliew\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [D:\steam\steamapps\common\dota 2 beta\dota.exe] => Enabled:Dota 2
StandardProfile\AuthorizedApplications: [C:\GarenaDownload\Games\lol\LoLInstaller.exe] => Enabled:LoL Game Installer
StandardProfile\AuthorizedApplications: [D:\Downloads\GameData\Apps\LoL\Air\LolClient.exe] => Enabled:League of Legends Lobby
StandardProfile\AuthorizedApplications: [D:\Downloads\GameData\Apps\LoL\Game\League of Legends.exe] => Enabled:League of Legends Game Client
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\UpdateManager.exe] => Enabled:UpdateManager Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\javaw.exe] => Disabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\yeehow\Local Settings\Temp\RarSFX0\hl.exe] => Enabled:Half-Life Launcher
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\javaw.exe] => Enabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\muzapp.exe] => Enabled:MUZ AOD APP player
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\yeehow\My Documents\Downloads\BitTorrent.exe] => Enabled:BitTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\ggdllhost.exe] => Enabled:ggdllhost
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\bbtalk\BBTalk.exe] => Enabled:Garena Talk
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\mayliew\My Documents\TightVNC\tvnserver.exe] => Enabled:TightVNC Server
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\mayliew\My Documents\TightVNC\vncviewer.exe] => Enabled:TightVNC Viewer
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe] => Enabled:League of Legends Lobby
StandardProfile\AuthorizedApplications: [C:\Program Files\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe] => Enabled:League of Legends Game Client
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\bin\steamwebhelper.exe] => Enabled:Steam Web Helper
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe] => Enabled:Team Fortress 2
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\yeehow\My Documents\Downloads\LoLInstaller.exe] => Enabled:LoL Game Installer
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\yeehow\My Documents\Downloads\LoLInstaller (1).exe] => Enabled:LoL Game Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\GarenaMessenger.exe] => Disabled:Garena Plus
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:rundll32
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\gaa\Garena Plus\ggdllhost.exe] => Enabled:ggdllhost
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe] => Enabled:NVIDIA Network Service TCP Exception (HTTPS)
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\GarenaLoL\GameData\Apps\LoL\lol.exe] => Enabled:League of Legends Launcher
DomainProfile\GloballyOpenPorts: [56137:TCP] => Enabled:pando Media Booster
DomainProfile\GloballyOpenPorts: [56137:UDP] => Enabled:pando Media Booster
StandardProfile\GloballyOpenPorts: [58319:TCP] => Enabled:pando Media Booster
StandardProfile\GloballyOpenPorts: [58319:UDP] => Enabled:pando Media Booster
StandardProfile\GloballyOpenPorts: [59099:TCP] => Enabled:pando Media Booster
StandardProfile\GloballyOpenPorts: [59099:UDP] => Enabled:pando Media Booster
StandardProfile\GloballyOpenPorts: [443:TCP] => Enabled:ooVoo TCP port 443
StandardProfile\GloballyOpenPorts: [443:UDP] => Enabled:ooVoo UDP port 443
StandardProfile\GloballyOpenPorts: [37674:TCP] => Enabled:ooVoo TCP port 37674
StandardProfile\GloballyOpenPorts: [37674:UDP] => Enabled:ooVoo UDP port 37674
StandardProfile\GloballyOpenPorts: [37675:UDP] => Enabled:ooVoo UDP port 37675
StandardProfile\GloballyOpenPorts: [56137:TCP] => Enabled:pando Media Booster
StandardProfile\GloballyOpenPorts: [56137:UDP] => Enabled:pando Media Booster
StandardProfile\GloballyOpenPorts: [8381:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [8381:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [8382:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [8382:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [8383:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [8383:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [8370:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [8370:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [6976:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6976:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6891:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6891:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6984:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6984:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6924:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6924:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6893:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6893:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6926:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6926:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6917:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6917:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6977:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6977:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6907:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6907:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6931:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6931:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6988:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6988:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6951:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6951:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6996:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6996:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6973:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6973:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6920:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6920:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6881:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6946:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6946:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6969:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6969:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6992:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6992:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6959:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6959:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6966:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6966:UDP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [8393:TCP] => Enabled:League of Legends Lobby
StandardProfile\GloballyOpenPorts: [8393:UDP] => Enabled:League of Legends Lobby
StandardProfile\GloballyOpenPorts: [8390:TCP] => Enabled:League of Legends Game Client
StandardProfile\GloballyOpenPorts: [8390:UDP] => Enabled:League of Legends Game Client
StandardProfile\GloballyOpenPorts: [6954:TCP] => Enabled:League of Legends Launcher
StandardProfile\GloballyOpenPorts: [6954:UDP] => Enabled:League of Legends Launcher

==================== Faulty Device Manager Devices =============

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Nokia 6680
Description: Nokia Windows Portable Device Driver
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Nokia 6300
Description: Nokia Windows Portable Device Driver
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2015 10:38:22 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (08/21/2015 10:38:06 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/21/2015 10:38:06 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/21/2015 10:37:47 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/21/2015 10:37:47 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/21/2015 10:37:42 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/21/2015 10:37:42 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/20/2015 11:36:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/20/2015 11:36:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/20/2015 11:21:00 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (08/21/2015 10:47:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Salt In service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/21/2015 10:41:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

Error: (08/21/2015 10:41:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealNetworks Downloader Resolver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/21/2015 10:39:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The igfx UI Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/21/2015 10:39:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The igfx UI Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/21/2015 10:39:43 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {577975B8-C40E-43E6-B0DE-4C6B44088B52} did not register with DCOM within the required timeout.

Error: (08/21/2015 10:39:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Salt In service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/21/2015 10:39:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ExtTag service terminated unexpectedly. It has done this 1 time(s).

Error: (08/21/2015 10:38:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Itchy Train service failed to start due to the following error:
%%3

Error: (08/21/2015 10:38:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%2


Microsoft Office:
=========================
Error: (03/16/2012 05:41:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2244 seconds with 780 seconds of active time. This session ended with a crash.

Error: (10/26/2011 01:12:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 117 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: AMD Athlon(tm) Processor LE-1620
Percentage of memory in use: 90%
Total physical RAM: 1983.48 MB
Available physical RAM: 185.65 MB
Total Virtual: 3876.5 MB
Available Virtual: 1853.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.42 GB) (Free:3.14 GB) NTFS
Drive d: () (Fixed) (Total:125.45 GB) (Free:1.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 35BA35B9)
Partition 1: (Active) - (Size=107.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=125.5 GB) - (Type=OF Extended)

==================== End of log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2015
Ran by yeehow (administrator) on LIEW-F1417587CB (21-08-2015 11:06:45)
Running from C:\Documents and Settings\yeehow\My Documents\Downloads
Loaded Profiles: yeehow (Available Profiles: yeejin & yeehow & yeezhian & mayliew & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\SLManagerEasy\Bufssvr.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\SLManagerEasy\Inputps.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) D:\Accounting\MS SQL Server 2005E\MSSQL.2\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
() C:\Program Files\igfx32\igfx32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
() C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe
() C:\Program Files\Garena Plus\gaa\Garena Plus\GarenaMessenger.exe
() C:\Program Files\Garena Plus\gaa\Garena Plus\ggdllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\BBTalk.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Solid State Networks) C:\Program Files\GarenaLoL\GameData\Apps\LoL\lol.exe
() C:\Program Files\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Documents and Settings\yeehow\My Documents\Downloads\avast_free_antivirus_setup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\DOCUME~1\yeehow\LOCALS~1\Temp\_av_iup.tm~a04632\instup.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2003-10-31] (Cyberlink Corp.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-15] (RealNetworks, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-15] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-unins...QAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANwAxAD (the data entry has 349 more characters).
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [QuickTime Task] => "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [BIBLauncher] => C:\Program Files\Business-in-a-Box\BIBLauncher.exe
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [GarenaPlus] => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\ExtTag\DonZozstring.dll => C:\Documents and Settings\All Users\Application Data\ExtTag\DonZozstring.dll [128000 2015-08-20] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk [2014-05-23]
ShortcutTarget: ZDWLan Utility.lnk -> C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
Startup: C:\Documents and Settings\mayliew\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-19]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\yeehow\Application Data\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Documents and Settings\yeejin\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk [2010-05-22]
ShortcutTarget: My_AutoWarkey_Script.lnk -> C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe (No File)
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE8HP&PC=B8DF
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXeXvOb402ijbbUMLfpacHKe8blXdRdbMIfcPPE-Cjul7SoRMLYo6aiCwCtMt82G3yLVICWyN5l7upEft
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXeXvOb402ijbbUMLfpacHKe8blXdRdbMIfcPPE-Cjul7SoRMLYo6aiCwCtMt82G3yLVICWyN5l7upEft
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXeXvOb402ijbbUMLfpacHKe8blXdRdbMIfcPPE-Cjul7SoRMLYo6aiCwCtMt82G3yLVICWyN5l7upEft
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE8HP&PC=B8DF
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://isearch.claro-search.com/?affID=115131&tt=3312_3&babsrc=HP_iclro&mntrId=785171670000000000001c7ee55da9f4
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2356&r=2015/01/14&hid=11438438565546579678&lg=EN&cc=MY&unqvl=74
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={403C707D-A3BE-4D18-9432-1FB647272D88}&mid=692f4a65ca390ea81945f4c38f34ac5d-4a610747be0eed310e2c10440192e4236e074e76&lang=us&ds=AVG&pr=fr&d=2011-12-01 22:06:32&v=9.0.0.18&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {A6D5CBCB-40D4-421C-A70A-9FE2BE56E997} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=kwmusic_adr
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2356&r=2015/01/14&hid=11438438565546579678&lg=EN&cc=MY&unqvl=74
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
BHO: Claro LTD Helper Object -> {000F18F2-09EB-4A59-82B2-5AE4184C39C3} -> C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll [2012-07-09] (Montera Technologeis LTD)
BHO: Yahoo! Companion BHO -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: No Name -> {377e5d4d-77e5-476a-8716-7e70a9272da0} -> No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: DigiSaveR -> {4f4124cd-09cb-4c08-9156-2d6e15f2c7a1} -> C:\Program Files\DigiSaveR\WGcH3saZaEX9KY.dll No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Rich Media Downloader -> {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -> C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll [2013-04-16] (Radiocom CJSC)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-24] (Oracle Corporation)
BHO: Rich Media Player -> {FEB703F7-E7B2-4AB0-9566-87658AC70095} -> C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll [2013-03-12] ()
Toolbar: HKLM - &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Toolbar: HKLM - Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.6.4.1\claroTlbr.dll [2012-07-09] (Montera Technologeis LTD)
Toolbar: HKLM - No Name - {377e5d4d-77e5-476a-8716-7e70a9272da0} - No File
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - No File
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - No File
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Filter: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{26CEE3C0-771A-4FC4-82B3-8AE14B3A351F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8AB78108-20E8-4B8E-974B-DB58DDC07083}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default
FF DefaultSearchEngine: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=2356&r=2015/01/14&hid=11438438565546579678&lg=EN&cc=MY&unqvl=74&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: C:\Documents and Settings\All Users\Application Data\ExtTags\ff.HP
FF Keyword.URL: hxxp://websearch.thesearchpage.info/?pid=2356&r=2015/01/14&hid=11438438565546579678&lg=EN&cc=MY&unqvl=74&l=1&q=
FF NewTab: C:\Documents and Settings\All Users\Application Data\ExtTags\ff.NT
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-24] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll [No File]
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-03] (Pando Networks)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-15] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-19] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-19] (globalUpdate)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-07-07] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1708537768-484763869-1801674531-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\yeehow\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1708537768-484763869-1801674531-1004: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-03] (Pando Networks)
FF user.js: detected! => C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\user.js [2012-08-17]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009-08-03] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-15] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-15] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-10-27] (Nullsoft, Inc.)
FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\Ask.xml [2013-09-25]
FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\findit.xml [2015-08-20]
FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\safesearch.xml [2015-07-03]
FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\search-here.xml [2015-07-29]
FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\WebSearch.xml [2015-02-15]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2011-09-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml [2013-09-25]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-03-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-08-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2011-09-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2013-05-25]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\findit.xml [2015-08-20]
FF Extension: SavePass 1.1 - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com [2015-08-19]
FF Extension: BestSavEFaorYoue - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\99ZsY@mz.net [2015-02-15]
FF Extension: DisscountExteansi - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\eyj1uHM@w6Z.com [2015-02-15]
FF Extension: youtubeadblocker - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\HmRtL027Xm@A.com [2015-02-15]
FF Extension: JOONeiCeoupon - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\kYw@V6y.org [2015-02-15]
FF Extension: uunisales - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\QS@A8Ra1UO7.com [2015-02-15]
FF Extension: youtubeadblocker - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\T1@Y.org [2015-07-03]
FF Extension: Fun2Savve - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\tMwuQDrDv@2.org [2015-02-15]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-21]
FF Extension: New tab - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\{22DA3B04-FD20-3544-DA68-52829EE1CE45} [2014-01-12]
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-09-11]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-07-08]
FF Extension: Default Tab - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\addon@defaulttab.com.xpi [2013-09-25]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013-12-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-04]
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-05]
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-06-11]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-11-01]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}
FF Extension: Rich Media Player extension - C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013-05-25]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-15]
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2015-08-21]
 
Chrome:
=======
CHR Profile: C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-15]
CHR Extension: (Google Search) - C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-25]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-15]
CHR Extension: (Gmail) - C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-15]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Documents and Settings\yeehow\Application Data\Media Finder\Extensions\gencrawler_gc.crx <not found>
CHR HKLM\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx [2013-04-16]
CHR HKLM\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx [2013-02-28]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Documents and Settings\yeehow\Application Data\Media Finder\Extensions\mf_plugin_gc.crx <not found>
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 bufssvr; C:\Program Files\BUFFALO\SLManagerEasy\Bufssvr.exe [90112 2010-03-12] (BUFFALO INC.) [File not signed]
R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 doonloaderaroductpeo; C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe [53760 2015-08-19] () [File not signed]
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-08-19] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-08-19] (globalUpdate) [File not signed] <==== ATTENTION
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfx32; C:\Program Files\igfx32\igfx32.exe [379392 2015-08-16] () [File not signed] <==== ATTENTION
R2 MSSQL$SQLEXPRESS; d:\Accounting\MS SQL Server 2005E\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-15] (NVIDIA Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-10-14] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
S2 ExtTag; C:\Documents and Settings\All Users\Application Data\ExtTag\ExtTag [X]
S2 Itchy Train; "C:\Program Files\Itchy Train\Itchy Train.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R5 ACPI; C:\windows\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)
R1 AmdK8; C:\windows\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)
R5 atapi; C:\windows\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
S3 CCDECODE; C:\windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ccSet_NST; C:\windows\system32\drivers\NST\7DE070B0.02A\ccSetx86.sys [127064 2013-09-28] (Symantec Corporation)
R5 Disk; C:\windows\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
R5 dmio; C:\windows\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
R5 dmload; C:\windows\System32\drivers\dmload.sys [5888 2001-08-23] (Microsoft Corp., Veritas Software.)
R3 FETNDISB; C:\windows\System32\DRIVERS\dlkfet5b.sys [43008 2007-07-13] (D-Link )
R5 FltMgr; C:\windows\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation)
R2 fssfltr; C:\windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
R5 Ftdisk; C:\windows\System32\DRIVERS\ftdisk.sys [125056 2001-08-23] (Microsoft Corporation)
S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2009-12-03] (Windows (R) 2000 DDK provider)
R5 isapnp; C:\windows\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
R5 KSecDD; C:\windows\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R5 MountMgr; C:\windows\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
R5 Mup; C:\windows\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R5 NDIS; C:\windows\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R5 nvata; C:\windows\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation)
S3 NVENETFD; C:\windows\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation)
R5 nvgts; C:\windows\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
S3 nvnetbus; C:\windows\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation)
R5 PartMgr; C:\windows\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
R5 PCI; C:\windows\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
R5 PCIIde; C:\windows\System32\DRIVERS\pciide.sys [3328 2001-08-23] (Microsoft Corporation)
R5 PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [45648 2011-03-05] (Sonic Solutions)
R5 sr; C:\windows\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
R1 Tcpip6; C:\windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R5 TPkd; C:\windows\system32\Drivers\TPkd.sys [86016 2009-12-23] (PACE Anti-Piracy, Inc.) [File not signed]
R5 VolSnap; C:\windows\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)
S3 WLAN(WLAN); C:\windows\System32\DRIVERS\zd1211u.sys [278016 2005-08-16] (ZyDAS Technology Corporation)
R5 WudfPf; C:\windows\System32\DRIVERS\WudfPf.sys [77696 2008-01-18] (Microsoft Corporation)
S3 ZD1211U(ZyDAS); C:\windows\System32\DRIVERS\zd1211u.sys [278016 2005-08-16] (ZyDAS Technology Corporation)
S3 ZDPSp50; C:\windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
U4 aswSP; no ImagePath
S3 GarenaPEngine; \??\C:\DOCUME~1\yeejin\LOCALS~1\Temp\UZLDF.tmp [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\gaa\Garena Plus\Room\safedrv.sys [X]
S4 IntelIde; no ImagePath
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 PcaSp50; system32\DRIVERS\PcaSp50.sys [X]
S2 StarOpen; no ImagePath
S3 tcpip helper; \??\C:\Program Files\Garena Plus\x86\tcpiphlp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-21 11:08 - 2015-08-21 11:08 - 00043112 _____ (AVAST Software) C:\windows\ava2FA.tmp
2015-08-21 11:06 - 2015-08-21 11:07 - 00000000 ___DC C:\FRST
2015-08-21 11:04 - 2015-08-21 11:04 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-21 11:01 - 2015-08-21 11:02 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-08-21 11:01 - 2015-08-21 11:01 - 00433264 _____ (AVAST Software) C:\windows\system32\Drivers\hosuvjxs.sys
2015-08-20 22:10 - 2015-08-20 22:10 - 00000544 _____ C:\Documents and Settings\yeehow\Desktop\Shortcut to MP Navigator EX.lnk
2015-08-20 21:54 - 2015-08-20 21:55 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\ExtTags
2015-08-20 21:54 - 2015-08-20 21:55 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\ExtTag
2015-08-20 21:52 - 2015-08-21 10:39 - 00001111 _____ C:\Documents and Settings\yeehow\Desktop\Google Chrome.lnk
2015-08-20 11:40 - 2015-08-19 21:44 - 00053760 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\Tough-Cof
2015-08-20 10:40 - 2015-08-19 21:44 - 00053760 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\Mathdonity
2015-08-19 23:32 - 2015-08-19 23:32 - 00000000 ____D C:\Documents and Settings\yeehow\Local Settings\Application Data\TeamViewer
2015-08-19 22:02 - 2013-09-30 15:07 - 02290688 _____ (Samsung Electronics Co., Ltd.) C:\Documents and Settings\yeehow\Desktop\Odin3 v3.09.exe
2015-08-19 21:46 - 2015-08-21 10:46 - 00003110 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-1-6.job
2015-08-19 21:46 - 2015-08-21 10:38 - 00003110 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-1-7.job
2015-08-19 21:46 - 2015-08-21 10:38 - 00002418 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-5.job
2015-08-19 21:45 - 2015-08-21 10:45 - 00005490 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-6.job
2015-08-19 21:45 - 2015-08-21 10:45 - 00002084 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-10_user.job
2015-08-19 21:45 - 2015-08-21 10:38 - 00005154 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-7.job
2015-08-19 21:45 - 2015-08-21 10:38 - 00004130 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-4.job
2015-08-19 21:45 - 2015-08-21 10:38 - 00004130 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-3.job
2015-08-19 21:45 - 2015-08-21 10:38 - 00000870 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-19 21:45 - 2015-08-19 23:46 - 00000000 ____D C:\Program Files\igfx32
2015-08-19 21:45 - 2015-08-19 21:45 - 00000000 ____D C:\Program Files\globalUpdate
2015-08-19 21:45 - 2015-08-19 21:45 - 00000000 ____D C:\Program Files\6dfe91b0-e7f7-42b7-b81b-6b7d496064f1
2015-08-19 21:45 - 2015-08-19 21:45 - 00000000 ____D C:\Documents and Settings\yeehow\Local Settings\Application Data\globalUpdate
2015-08-19 21:45 - 2015-08-19 21:44 - 00053760 _____ C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe
2015-08-19 21:45 - 2015-08-19 21:44 - 00000187 _____ C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe.config
2015-08-19 21:40 - 2015-08-19 21:43 - 06953016 _____ C:\Documents and Settings\yeehow\Desktop\T110.TWRP.2.7.0.1.tar.md5
2015-08-19 21:28 - 2015-08-19 21:28 - 00000706 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-08-19 21:28 - 2015-08-19 21:28 - 00000000 ____D C:\Documents and Settings\yeehow\Application Data\TeamViewer
2015-08-19 21:28 - 2015-08-19 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-08-19 21:27 - 2015-08-19 21:30 - 00000000 ____D C:\Program Files\TeamViewer
2015-08-12 12:12 - 2015-08-12 12:12 - 09284296 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
2015-08-02 08:11 - 2015-08-02 08:11 - 00000000 ____D C:\Documents and Settings\mayliew\Desktop\2015 Travel
2015-08-02 08:03 - 2015-08-02 08:04 - 00000000 ____D C:\Documents and Settings\mayliew\Local Settings\Application Data\NVIDIA
2015-07-24 13:15 - 2015-07-24 13:15 - 00311018 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1708537768-484763869-1801674531-1004-0.dat
2015-07-24 13:01 - 2015-07-24 13:01 - 00000000 ____D C:\Documents and Settings\yeehow\Local Settings\Application Data\Nvidia Corporation
2015-07-24 12:55 - 2015-07-24 12:55 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-24 12:55 - 2015-07-24 12:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-07-24 12:55 - 2015-07-24 12:54 - 00146432 _____ (Oracle Corporation) C:\windows\system32\javacpl.cpl
2015-07-24 12:55 - 2015-07-24 12:54 - 00096352 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-07-24 12:54 - 2015-07-24 12:54 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Oracle
2015-07-24 12:52 - 2015-07-24 12:59 - 00000000 ____D C:\Documents and Settings\yeehow\Local Settings\Application Data\NVIDIA
2015-07-24 12:52 - 2015-07-24 12:52 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2015-07-24 12:52 - 2015-07-24 12:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-21 11:10 - 2009-12-03 22:06 - 00000000 ____D C:\Documents and Settings\yeehow\Local Settings\Temp
2015-08-21 11:04 - 2009-12-03 22:01 - 01199736 _____ C:\windows\WindowsUpdate.log
2015-08-21 10:48 - 2011-12-16 10:13 - 00000000 ____D C:\Documents and Settings\yeehow\Application Data\GarenaPlus
2015-08-21 10:48 - 2011-09-04 14:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\GarenaMessenger
2015-08-21 10:38 - 2015-06-01 11:32 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d09c1ba6deafaa.job
2015-08-21 10:38 - 2015-05-22 11:34 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d09440280790bf.job
2015-08-21 10:38 - 2014-11-17 19:49 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0025c9d2c9b9c.job
2015-08-21 10:38 - 2014-11-12 18:36 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1cffe648a1ba1a8.job
2015-08-21 10:38 - 2010-12-05 12:04 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-21 10:38 - 2010-01-30 13:33 - 00000382 _____ C:\windows\Tasks\FileCure Startup.job
2015-08-21 10:38 - 2009-12-04 05:56 - 00000159 _____ C:\windows\wiadebug.log
2015-08-21 10:38 - 2009-12-04 05:56 - 00000049 _____ C:\windows\wiaservc.log
2015-08-21 10:37 - 2015-07-16 11:14 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0bf757a0293d4.job
2015-08-21 10:37 - 2013-10-12 12:38 - 00000280 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1003.job
2015-08-21 10:37 - 2013-07-09 22:41 - 00000280 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1004.job
2015-08-21 10:37 - 2013-06-26 00:30 - 00000284 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1005.job
2015-08-21 10:37 - 2013-04-20 15:11 - 00000306 _____ C:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1005.job
2015-08-21 10:37 - 2012-11-15 03:06 - 00000280 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1004.job
2015-08-21 10:37 - 2012-09-11 01:03 - 00000302 _____ C:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1004.job
2015-08-21 10:37 - 2011-11-15 10:04 - 00000282 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1008.job
2015-08-21 10:37 - 2011-10-29 16:36 - 00000282 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1007.job
2015-08-21 10:37 - 2010-05-11 22:32 - 00000284 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1005.job
2015-08-21 10:37 - 2010-04-09 15:46 - 00000280 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1003.job
2015-08-21 10:37 - 2009-12-03 22:05 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-21 10:37 - 2009-12-03 22:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-08-21 00:35 - 2009-12-03 22:06 - 00000178 ___SH C:\Documents and Settings\yeehow\ntuser.ini
2015-08-21 00:35 - 2009-12-03 22:05 - 00032540 _____ C:\windows\SchedLgU.Txt
2015-08-21 00:32 - 2010-12-05 12:04 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-21 00:27 - 2013-04-20 15:11 - 00000332 _____ C:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1005.job
2015-08-21 00:12 - 2012-07-31 15:57 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-20 21:55 - 2015-07-03 12:44 - 00000742 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-20 21:55 - 2011-11-07 16:28 - 00000116 _____ C:\Documents and Settings\yeezhian\Desktop\mozilla firefox.lnk
2015-08-20 21:55 - 2011-08-26 19:25 - 00001825 _____ C:\Documents and Settings\yeezhian\Desktop\Google Chrome.lnk
2015-08-20 21:53 - 2010-04-09 15:40 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2015-08-20 21:50 - 2001-08-23 20:00 - 00002206 _____ C:\windows\system32\wpa.dbl
2015-08-20 10:40 - 2009-12-03 22:54 - 00093480 _____ C:\Documents and Settings\yeehow\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-19 21:48 - 2009-12-04 05:52 - 00305216 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-19 21:27 - 2009-12-04 05:54 - 02107493 ____C C:\windows\FaxSetup.log
2015-08-19 21:27 - 2009-12-04 05:54 - 01066840 ____C C:\windows\ocgen.log
2015-08-19 21:27 - 2009-12-04 05:54 - 00983590 ____C C:\windows\tsoc.log
2015-08-19 21:27 - 2009-12-04 05:54 - 00721656 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-19 21:27 - 2009-12-04 05:54 - 00715569 ____C C:\windows\comsetup.log
2015-08-19 21:27 - 2009-12-04 05:54 - 00680822 ____C C:\windows\msmqinst.log
2015-08-19 21:27 - 2009-12-04 05:54 - 00438100 ____C C:\windows\ntdtcsetup.log
2015-08-19 21:27 - 2009-12-04 05:54 - 00372219 ____C C:\windows\netfxocm.log
2015-08-19 21:27 - 2009-12-04 05:54 - 00342167 ____C C:\windows\iis6.log
2015-08-19 21:27 - 2009-12-04 05:54 - 00147850 ____C C:\windows\MedCtrOC.log
2015-08-19 21:27 - 2009-12-04 05:54 - 00118753 ____C C:\windows\ocmsn.log
2015-08-19 21:27 - 2009-12-04 05:54 - 00106725 ____C C:\windows\msgsocm.log
2015-08-19 21:27 - 2009-12-04 05:54 - 00105398 ____C C:\windows\tabletoc.log
2015-08-19 21:27 - 2009-12-04 05:54 - 00004696 _____ C:\windows\imsins.log
2015-08-17 22:26 - 2012-01-12 09:29 - 01112203 _____ C:\windows\setupapi.log
2015-08-17 22:26 - 2009-12-04 05:52 - 00196899 _____ C:\windows\setupact.log
2015-08-17 20:35 - 2013-06-02 16:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2015-08-17 12:12 - 2011-11-15 10:04 - 00000290 _____ C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1008.job
2015-08-13 10:25 - 2013-07-22 00:30 - 00000000 ____D C:\windows\system32\MRT
2015-08-13 10:03 - 2011-03-05 20:45 - 00000000 ____D C:\Documents and Settings\yeehow\Application Data\Skype
2015-08-13 10:00 - 2009-12-04 21:44 - 129304528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-12 12:12 - 2012-07-31 15:57 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-08-12 12:12 - 2011-08-26 19:10 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-11 10:57 - 2013-02-20 21:02 - 00000000 ____D C:\Documents and Settings\yeehow\Desktop\Unused Desktop Shortcuts
2015-08-07 16:19 - 2012-02-15 18:11 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2015-08-05 10:29 - 2015-05-29 15:43 - 00000000 ____D C:\Documents and Settings\yeehow\Desktop\China 2010 no.3
2015-08-02 08:19 - 2011-10-29 16:32 - 00000178 ___SH C:\Documents and Settings\mayliew\ntuser.ini
2015-08-02 08:10 - 2011-10-29 16:32 - 00000000 ____D C:\Documents and Settings\mayliew\Local Settings\Temp
2015-08-02 08:05 - 2013-06-01 15:42 - 00000000 ____D C:\Documents and Settings\mayliew\Local Settings\Application Data\Pokki
2015-07-31 09:13 - 2011-11-12 20:16 - 00000000 ____D C:\Program Files\GarenaLoL
2015-07-30 12:24 - 2011-10-28 21:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Garena
2015-07-30 11:55 - 2015-06-12 17:41 - 00000936 _____ C:\Documents and Settings\All Users\Desktop\Garena+.lnk
2015-07-24 13:15 - 2013-06-08 06:31 - 00311018 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-07-24 12:54 - 2009-12-04 16:35 - 00000000 ____D C:\Program Files\Java
2015-07-24 12:52 - 2012-03-05 20:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation

==================== Files in the root of some directories =======

2015-02-05 12:16 - 2015-02-15 14:59 - 0000020 _____ () C:\Documents and Settings\yeehow\Application Data\appdataFr3.bin
2012-04-04 19:15 - 2012-04-04 19:15 - 0000000 _____ () C:\Documents and Settings\yeehow\Application Data\bibstats
2011-04-24 11:18 - 2011-05-07 10:27 - 0046658 _____ () C:\Documents and Settings\yeehow\Application Data\room.dat
2011-09-13 17:12 - 2015-06-05 11:50 - 0045194 _____ () C:\Documents and Settings\yeehow\Application Data\room_v3.dat
2009-12-04 22:51 - 2015-06-04 18:51 - 0032256 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-03-03 21:31 - 2013-11-16 22:11 - 0000000 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\prvlcl.dat
2015-08-19 21:45 - 2015-08-19 21:44 - 0053760 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe
2015-08-19 21:45 - 2015-08-19 21:44 - 0000187 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe.config

Some files in TEMP:
====================
C:\Documents and Settings\mayliew\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5wreix.dll
C:\Documents and Settings\yeehow\Local Settings\Temp\9F0C.exe
C:\Documents and Settings\yeehow\Local Settings\Temp\C658.exe
C:\Documents and Settings\yeehow\Local Settings\Temp\D22F.exe
C:\Documents and Settings\yeehow\Local Settings\Temp\E421.exe
C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150521to150602.exe
C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150602to150616.exe
C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150616to150630.exe
C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150630to150714v2.exe
C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150714to150724.exe
C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150724to150729.exe
C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150729to150807.exe
C:\Documents and Settings\yeehow\Local Settings\Temp\nsv10A.exe
C:\Documents and Settings\yeehow\Local Settings\Temp\VersionModule.dll
C:\Documents and Settings\yeehow\Local Settings\Temp\{3B0C0074-25F5-4CF0-85CF-8C9600CB5E71}-44.0.2403.155_chrome_installer.exe
C:\Documents and Settings\yeejin\Local Settings\Temp\ose00000.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\nsprs.dll
C:\Windows\System32\serauth1.dll
C:\Windows\System32\serauth2.dll
C:\Windows\System32\ssprs.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================
 
Uninstall following unwanted programs:

BasicFix
Bundled software uninstaller
Claro LTD toolbar on IE
DefaultTab Chrome
Free Zip 9.20
Rich Media Player


Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 