TechSpot

Bad image error

By yeehow
Aug 20, 2015
  1. Please would someone help me
    Windows XP, but I get a bad image error on all startup apps, and when I try to start any program, even the Chrome browser. It makes me scared. Please, I need advice.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. yeehow

    yeehow TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2015
    Ran by yeehow (2015-08-21 11:11:18)
    Running from C:\Documents and Settings\yeehow\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1708537768-484763869-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1708537768-484763869-1801674531-1014 - Limited - Enabled)
    Guest (S-1-5-21-1708537768-484763869-1801674531-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
    HelpAssistant (S-1-5-21-1708537768-484763869-1801674531-1000 - Limited - Disabled)
    mayliew (S-1-5-21-1708537768-484763869-1801674531-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\mayliew
    SUPPORT_388945a0 (S-1-5-21-1708537768-484763869-1801674531-1002 - Limited - Disabled)
    yee how (S-1-5-21-1708537768-484763869-1801674531-1017 - Administrator - Enabled)
    yeehow (S-1-5-21-1708537768-484763869-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\yeehow
    yeejin (S-1-5-21-1708537768-484763869-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\yeejin
    yeezhian (S-1-5-21-1708537768-484763869-1801674531-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\yeezhian

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
    Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
    Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
    Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AutoHotkey 1.0.48.05 (HKLM\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
    Bandicam (HKLM\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version: - Bandisoft.com)
    BasicFix (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}) (Version: - OctetIntern) <==== ATTENTION
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version: - ) <==== ATTENTION
    Canon MP Navigator EX 1.2 (HKLM\...\MP Navigator EX 1.2) (Version: - )
    Canon MP190 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series) (Version: - )
    Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
    Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
    Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
    Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Claro LTD toolbar on IE (HKLM\...\claro) (Version: - Claro LTD) <==== ATTENTION
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    DefaultTab Chrome (HKLM\...\DefaultTab Chrome) (Version: 1.1.25 - ) <==== ATTENTION
    D-Link DFE-520TX (HKLM\...\InstallShield_{9629C9A1-74F7-4DD0-B99B-9066925E63F8}) (Version: - D-Link)
    D-Link DFE-520TX (Version: - D-Link) Hidden
    D-Link PCI Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_D-Link) (Version: - )
    doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
    Driver Whiz (HKLM\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz)
    DVD Software (HKLM\...\{609ca3ef-4c43-4af2-b271-da7b670b0634}_is1) (Version: - )
    Easy Phone Sync (HKLM\...\{02007371-F011-4016-A664-ED99890331AB}) (Version: 63 - Media Mushroom Limited)
    Free Audio CD Burner version 2.0.23.430 (HKLM\...\Free Audio CD Burner_is1) (Version: 2.0.23.430 - DVDVideoSoft Ltd.)
    Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version: - )
    Free Zip 9.20 (HKLM\...\7-Zip) (Version: - Somoto Ltd) <==== ATTENTION
    Garena - League of Legends (HKLM\...\LoL) (Version: - Garena Online Pte Ltd.)
    Garena (HKLM\...\Garena) (Version: 3.2 - Garena Interactive Pte Ltd.)
    Garena+ (HKLM\...\im) (Version: 2011 - Garena Online Pte Ltd.)
    Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
    Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
    Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20110512 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
    Harmony EFX RTAS (HKLM\...\{C5DB14FA-75CE-48FB-A497-AFBE58F3FE93}) (Version: 1.0.2 - Antares Audio Technologies)
    InfraRecorder (HKLM\...\InfraRecorder) (Version: - Christian Kindahl)
    Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.13 - PACE Anti-Piracy)
    InterVideo DeviceService (HKLM\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
    iPod for Windows 2005-03-23 (HKLM\...\InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}) (Version: 3.8.0 - Apple Computer, Inc.)
    iPod for Windows 2005-03-23 (Version: 3.8.0 - Apple Computer, Inc.) Hidden
    Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    League of Legends (Version: 1.3 - Riot Games) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
    Microsoft Office Accounting 2009 (HKLM\...\Microsoft Office Accounting 2009) (Version: 4.0.3610.0 - Microsoft Corporation)
    Microsoft Office Accounting 2009 Equifax Addin (HKLM\...\{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}) (Version: 4.0.1930.0 - Microsoft Corporation)
    Microsoft Office Accounting 2009 Fixed Asset Manager (HKLM\...\{53276F5A-85AB-4BEF-BAA2-2490975DC006}) (Version: 4.0.1930.0 - Microsoft Corporation)
    Microsoft Office Accounting 2009 PayPal Addin (HKLM\...\{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}) (Version: 4.0.1930.0 - Microsoft Corporation)
    Microsoft Office Accounting 2009 Tax Integration Add-in (HKLM\...\{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}) (Version: 4.0.1930.0 - Microsoft Corporation)
    Microsoft Office Accounting ADP Payroll Addin (HKLM\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
    Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version: - )
    Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
    MotionDV STUDIO 5.3E LE for DV (HKLM\...\{43F8F1E5-C740-4293-A309-EA9DD6474DB1}) (Version: - )
    Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
    MPEG4 Player 1.0 (HKLM\...\MPEG4 Player_is1) (Version: - spgsoft.com)
    MSN Toolbar Platform (Version: 4.0.0379.0 - Microsoft Corporation) Hidden
    MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
    MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
    MYOB Payroll Tax Forms (HKLM\...\InstallShield_{DF2D5BCE-AEC0-49F1-B0F8-80E0F603F024}) (Version: 5.5.14 - MYOB)
    MYOB Payroll Tax Forms (Version: 5.5.14 - MYOB) Hidden
    MYOB Premier Accounting 2006 (v15) (HKLM\...\InstallShield_{7CBEA175-8D35-4343-8A47-DBF36F86C033}) (Version: 2006 - MYOB US Inc.)
    MYOB Premier Accounting 2006 (v15) (Version: 2006 - MYOB US Inc.) Hidden
    Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version: - )
    Nokia Connectivity Cable Driver (HKLM\...\{C50EF365-2898-489A-B6C7-30DAA466E9A2}) (Version: 7.1.23.0 - Nokia)
    Nokia Software Updater (HKLM\...\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}) (Version: 01.08.010.40008 - Nokia Corporation)
    Norton Identity Safe (HKLM\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
    nullDC 1.0.0 Public Beta 1 Setup (HKLM\...\{C3FDA1E4-1E17-48D8-B4F0-C141E9FFB4BA}) (Version: 1.0.0 - nullDC)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.11.45 - NVIDIA Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.6 - Pando Networks Inc.)
    PC Connectivity Solution (HKLM\...\{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}) (Version: 9.44.0.3 - Nokia)
    PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
    Primavera 6.0 (HKLM\...\InstallShield_{983F7138-0BB4-418B-973B-84EE71001422}) (Version: 6.0.0 - Primavera Systems Inc)
    Primavera 6.0 (Version: 6.0.0 - Primavera Systems Inc) Hidden
    RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5449 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Rich Media Player (HKLM\...\Rich Media Player) (Version: 1.0.0.756 - Radiocom) <==== ATTENTION
    Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
    UBS Accounting System 9.0 (HKLM\...\{6AB67A69-A5D1-11D6-9632-444553540000}) (Version: 1.00.0000 - UBS Corporation Berhad)
    Unity Web Player (HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
    Universal Adb Driver (HKLM\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Outlook 2007 Junk Email Filter (KB2508979) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{D2137BBA-250B-4548-BC1C-19E5009893D7}) (Version: - Microsoft)
    USB Video Device (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.48205.104 - Sonix)
    Video Power (HKLM\...\{17DB3734-EAB4-4717-954B-C860EE162FBA}) (Version: 1.0.24 - Video Power)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WD SmartWare (HKLM\...\{CD0DC280-2489-4464-A2FC-16104676394A}) (Version: 1.1.1.6 - Western Digital)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (HKLM\...\53F13DB4D9611FD63BE580F06F0729BF236ABE68) (Version: 05/27/2006 1.3.2.0 - Advanced Micro Devices)
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4) (HKLM\...\8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA) (Version: 06/01/2009 7.01.0.4 - Nokia)
    Windows Driver Package - Nokia Modem (10/05/2009 4.2) (HKLM\...\05B59228C7E1C21DFBE89260F879BD95880548D8) (Version: 10/05/2009 4.2 - Nokia)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
    Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    ZyDAS IEEE 802.11 b+g Wireless LAN - USB (HKLM\...\{581CE7EA-A30D-0000-1211-088635773309}) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\yeehow\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
    CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-1708537768-484763869-1801674531-1004_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Documents and Settings\yeehow\Local Settings\Temp\7D26f33711\temp\Beeol.blogspot.com_HackPremium_Bee_Online.rar.exe ()

    ==================== Restore Points =========================

    16-07-2015 14:03:14 Software Distribution Service 3.0
    21-07-2015 10:25:49 Software Distribution Service 3.0
    21-07-2015 14:03:43 Software Distribution Service 3.0
    23-07-2015 10:38:12 Software Distribution Service 3.0
    24-07-2015 10:29:49 Software Distribution Service 3.0
    28-07-2015 10:18:03 Software Distribution Service 3.0
    29-07-2015 10:25:52 Software Distribution Service 3.0
    30-07-2015 09:21:22 Software Distribution Service 3.0
    31-07-2015 08:55:39 Software Distribution Service 3.0
    02-08-2015 08:01:12 Software Distribution Service 3.0
    02-08-2015 08:20:05 Software Distribution Service 3.0
    02-08-2015 12:53:50 Software Distribution Service 3.0
    05-08-2015 10:30:41 Software Distribution Service 3.0
    06-08-2015 10:41:49 Software Distribution Service 3.0
    07-08-2015 14:31:42 Software Distribution Service 3.0
    10-08-2015 11:34:19 Software Distribution Service 3.0
    11-08-2015 10:47:18 Software Distribution Service 3.0
    12-08-2015 10:38:41 Software Distribution Service 3.0
    13-08-2015 09:59:05 Software Distribution Service 3.0
    17-08-2015 19:47:44 Software Distribution Service 3.0
    18-08-2015 19:13:56 Software Distribution Service 3.0
    19-08-2015 10:48:10 Software Distribution Service 3.0
    20-08-2015 00:04:27 Software Distribution Service 3.0
    21-08-2015 00:02:13 Software Distribution Service 3.0
    21-08-2015 00:25:31 JRT Pre-Junkware Removal
    21-08-2015 11:04:52 avast! antivirus system restore point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2001-08-23 20:00 - 2001-08-23 20:00 - 00000734 ____N C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-1-6.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-1-6.exe <==== ATTENTION
    Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-1-7.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-1-7.exe <==== ATTENTION
    Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-10_user.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-10.exe <==== ATTENTION
    Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-3.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-3.exe <==== ATTENTION
    Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-4.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-4.exe <==== ATTENTION
    Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-5.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-5.exe <==== ATTENTION
    Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-6.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-6.exe <==== ATTENTION
    Task: C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-7.job => C:\Program Files\SavePass 1.1\2b164832-4f49-438d-97d2-21c6c4b777d8-7.exe <==== ATTENTION
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\windows\Tasks\Driver Whiz-RTMRules.job => C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe
    Task: C:\windows\Tasks\Driver Whiz-RTMScan.job => C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe
    Task: C:\windows\Tasks\Driver Whiz-RTMUpdater.job => C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe
    Task: C:\windows\Tasks\FileCure Startup.job => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
    Task: C:\windows\Tasks\FileCure.job => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
    Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cffe648a1ba1a8.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0025c9d2c9b9c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d09440280790bf.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d09c1ba6deafaa.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0bf757a0293d4.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    Task: C:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    Task: C:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: C:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: C:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: C:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\windows\Tasks\ReclaimerResumeInstall_yeehow.job => C:\Documents and Settings\yeehow\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
    Task: C:\windows\Tasks\ReclaimerResumeInstall_yeezhian.job => C:\Documents and Settings\yeezhian\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2008-04-14 11:41 - 2008-04-14 11:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2008-04-14 11:42 - 2008-04-14 11:42 - 00014336 _____ () C:\windows\system32\msdmo.dll
    2008-04-14 11:42 - 2008-04-14 11:42 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll
    2008-04-14 11:42 - 2011-11-03 23:28 - 00386048 _____ () C:\WINDOWS\system32\qdvd.dll
    2008-04-14 11:42 - 2013-01-02 14:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2006-10-31 14:35 - 2006-10-31 14:35 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
    2013-03-12 16:27 - 2013-03-12 16:27 - 00120600 _____ () C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00073664 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\InputHook.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 02457024 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\Overlay.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00070080 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\PluginKernel.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00111040 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\CommonLib.dll
    2015-07-24 12:52 - 2015-07-15 03:06 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
    2014-05-23 13:46 - 2005-08-02 11:59 - 00471040 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    2014-05-23 13:46 - 2005-07-20 10:11 - 00208896 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\dot1x_dll.dll
    2014-05-23 13:46 - 2004-03-05 15:00 - 00155648 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\SSLEAY32.dll
    2014-05-23 13:46 - 2004-03-05 15:00 - 00827392 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\LIBEAY32.dll
    2014-05-23 13:46 - 2005-08-02 11:59 - 00045056 _____ () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWLAN.dll
    2008-04-14 11:42 - 2013-01-02 14:49 - 01292288 _____ () C:\windows\system32\quartz.dll
    2015-08-16 16:06 - 2015-08-16 16:06 - 00379392 _____ () C:\Program Files\igfx32\igfx32.exe
    2015-08-19 21:45 - 2015-08-19 21:44 - 00053760 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe
    2015-07-14 18:25 - 2015-08-06 19:30 - 10014656 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\GarenaMessenger.exe
    2015-07-14 18:26 - 2015-07-14 18:26 - 00111552 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\CommonLib.dll
    2015-07-14 18:26 - 2015-08-01 17:07 - 01089472 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\ggspawn.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00040384 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\DibModule.dll
    2015-07-14 18:26 - 2015-08-20 18:17 - 00040896 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\VersionModule.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00058304 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\FileLoader.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00094144 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\PluginKernel.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00494016 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\CxImage.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00032192 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\PluginModule.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00177600 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\fs\YYFileSystem.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00380864 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\Http.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00191424 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\MP3Module.dll
    2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lame_enc.DLL
    2015-07-14 18:26 - 2015-07-14 18:26 - 00226752 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\TaskManagerLib.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00113088 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\UILayout.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00965056 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\XLL.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00061888 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\XmlUIModule.dll
    2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\sqlite3.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00231360 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\StatsPlugin.dll
    2015-07-14 18:26 - 2015-08-06 19:31 - 01507264 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\ggplugin.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00199616 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\ImageModule.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00162240 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\libmpg123.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 02948032 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\ggdownloader.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00072640 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\AudioMixerLib.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00023488 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\ClientTcp.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 01552320 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\FileSender.dll
    2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\libzmq.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00963008 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\GaFileTransfer.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00251840 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\MediaEngine.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00033216 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\ServerMemAlloc.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00523712 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\RSALib.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00075200 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\lib\delay_load\UdtLib.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00154048 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\xIM.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00596928 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\xim\plugin_msn.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00467392 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\xim\plugin_xmpp.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00201664 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\xim\plugin_yahoo.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00107968 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\PlatformPlugin.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00243648 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\PluginNews.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00404416 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\GarenaTalkPlugin.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00293824 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\DailyTaskPlugin.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00223168 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\Plugins\GameSalePlugin.dll
    2015-07-14 18:26 - 2015-07-14 18:26 - 00056256 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\ggdllhost.exe
    2015-07-07 19:40 - 2015-08-18 18:29 - 06793664 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\BBtalk.exe
    2015-07-07 19:41 - 2015-07-07 19:41 - 00039872 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\DibModule.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00389056 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\ImageModule.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00824256 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\gagmhook.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00048064 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lollauncher.dll
    2015-07-07 19:41 - 2015-08-20 17:55 - 00029632 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\VersionModule.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00454960 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\sqlite3.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00115648 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\AudioMixerLib.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00036800 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00431552 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\exchndl.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00083904 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\FileManager.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00059840 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\FileSystem.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00380864 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\Http.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00053696 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\InputHookLib.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00048576 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\IPCLib.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00062400 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\LangLib.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00096704 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\audiohost.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00141760 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\MessagePumpLib.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00037312 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\MP3Saver.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00245184 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\libmp3lame.DLL
    2015-07-07 19:41 - 2015-07-07 19:41 - 01054656 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00062912 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\ResLib.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00105920 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\PngModule.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00134592 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\TcpClient.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00144320 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\UdpClient.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00117696 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\UILayout.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00872896 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\UILib.dll
    2015-07-07 19:41 - 2015-07-07 19:41 - 00062400 _____ () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\lib\XmlUIModule.dll
    2015-08-17 20:39 - 2015-08-08 08:13 - 16393032 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll
    2015-07-22 07:17 - 2015-07-22 07:17 - 00954368 _____ () C:\Program Files\GarenaLoL\GameData\Apps\LoL\launcher.lib.dll
    2015-07-22 07:17 - 2015-07-22 07:17 - 00053248 _____ () C:\Program Files\GarenaLoL\GameData\Apps\LoL\launcher.lang-en.dll
    2015-07-22 07:17 - 2015-07-22 07:17 - 00074752 _____ () C:\Program Files\GarenaLoL\GameData\Apps\LoL\Air\LOLClient.exe
    2015-07-22 07:17 - 2015-07-22 07:17 - 04774248 _____ () C:\Program Files\GarenaLoL\GameData\Apps\LoL\Air\Adobe AIR\Versions\1.0\Resources\WebKit.dll
    2015-02-16 20:31 - 2014-02-10 12:44 - 04592128 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
    2015-02-16 20:31 - 2014-02-10 12:44 - 00112128 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7B471B25
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
     
  4. yeehow

    yeehow TS Rookie Topic Starter

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.1
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\WINDOWS\pss\WDDMStatus.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\WINDOWS\pss\WDSmartWare.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk => C:\WINDOWS\pss\ZDWLan Utility.lnkCommon Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
    MSCONFIG\startupreg: AVG9_TRAY => C:\PROGRA~1\AVG\AVG9\avgtray.exe
    MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: DriverCD => E:\Run.exe
    MSCONFIG\startupreg: DriverScanner => "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
    MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe
    MSCONFIG\startupreg: Free PDF Print Dispatcher => C:\Program Files\pdfconverter.com\FreePDF Creator\itFPCPrnDisp.exe
    MSCONFIG\startupreg: IMJPMIG8.1 => "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    MSCONFIG\startupreg: Intuit SyncManager => c:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: mspaint => "C:\WINDOWS\system32\Paint.exe" -autocheck
    MSCONFIG\startupreg: MSPY2002 => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    MSCONFIG\startupreg: nwiz => nwiz.exe /install
    MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    MSCONFIG\startupreg: PHIME2002ASync => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    MSCONFIG\startupreg: ROC_roc_dec12 => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
    MSCONFIG\startupreg: SkyTel => SkyTel.EXE
    MSCONFIG\startupreg: snp2uvc => C:\WINDOWS\vsnp2uvc.exe
    MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
    MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    MSCONFIG\startupreg: tsnp2uvc => C:\WINDOWS\tsnp2uvc.exe
    MSCONFIG\startupreg: UVS11 Preload => D:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
    MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
    DomainProfile\AuthorizedApplications: [C:\Program Files\Pando Networks\Media Booster\PMB.exe] => Enabled:Pando Media Booster
    StandardProfile\AuthorizedApplications: [C:\Program Files\Garena\Garena.exe] => Enabled:Garena
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\yeezhian\My Documents\My Music\Garena\Garena.exe] => Enabled:Garena
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
    StandardProfile\AuthorizedApplications: [C:\Program Files\Pando Networks\Media Booster\PMB.exe] => Enabled:Pando Media Booster
    StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\Room\garena_room.exe] => Enabled:Garena
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [D:\steam\Steam.exe] => Enabled:Steam
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\mayliew\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
    StandardProfile\AuthorizedApplications: [D:\steam\steamapps\common\dota 2 beta\dota.exe] => Enabled:Dota 2
    StandardProfile\AuthorizedApplications: [C:\GarenaDownload\Games\lol\LoLInstaller.exe] => Enabled:LoL Game Installer
    StandardProfile\AuthorizedApplications: [D:\Downloads\GameData\Apps\LoL\Air\LolClient.exe] => Enabled:League of Legends Lobby
    StandardProfile\AuthorizedApplications: [D:\Downloads\GameData\Apps\LoL\Game\League of Legends.exe] => Enabled:League of Legends Game Client
    StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\UpdateManager.exe] => Enabled:UpdateManager Module
    StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\javaw.exe] => Disabled:Java(TM) Platform SE binary
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\yeehow\Local Settings\Temp\RarSFX0\hl.exe] => Enabled:Half-Life Launcher
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\javaw.exe] => Enabled:Java(TM) Platform SE binary
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\muzapp.exe] => Enabled:MUZ AOD APP player
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\yeehow\My Documents\Downloads\BitTorrent.exe] => Enabled:BitTorrent
    StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\ggdllhost.exe] => Enabled:ggdllhost
    StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\bbtalk\BBTalk.exe] => Enabled:Garena Talk
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\mayliew\My Documents\TightVNC\tvnserver.exe] => Enabled:TightVNC Server
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\mayliew\My Documents\TightVNC\vncviewer.exe] => Enabled:TightVNC Viewer
    StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
    StandardProfile\AuthorizedApplications: [C:\Program Files\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe] => Enabled:League of Legends Lobby
    StandardProfile\AuthorizedApplications: [C:\Program Files\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe] => Enabled:League of Legends Game Client
    StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam
    StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\bin\steamwebhelper.exe] => Enabled:Steam Web Helper
    StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe] => Enabled:Team Fortress 2
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\yeehow\My Documents\Downloads\LoLInstaller.exe] => Enabled:LoL Game Installer
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\yeehow\My Documents\Downloads\LoLInstaller (1).exe] => Enabled:LoL Game Installer
    StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\GarenaMessenger.exe] => Disabled:Garena Plus
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:rundll32
    StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\gaa\Garena Plus\ggdllhost.exe] => Enabled:ggdllhost
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe] => Enabled:NVIDIA Network Service TCP Exception (HTTPS)
    StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
    StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\GarenaLoL\GameData\Apps\LoL\lol.exe] => Enabled:League of Legends Launcher
    DomainProfile\GloballyOpenPorts: [56137:TCP] => Enabled:Pando Media Booster
    DomainProfile\GloballyOpenPorts: [56137:UDP] => Enabled:Pando Media Booster
    StandardProfile\GloballyOpenPorts: [58319:TCP] => Enabled:Pando Media Booster
    StandardProfile\GloballyOpenPorts: [58319:UDP] => Enabled:Pando Media Booster
    StandardProfile\GloballyOpenPorts: [59099:TCP] => Enabled:Pando Media Booster
    StandardProfile\GloballyOpenPorts: [59099:UDP] => Enabled:Pando Media Booster
    StandardProfile\GloballyOpenPorts: [443:TCP] => Enabled:ooVoo TCP port 443
    StandardProfile\GloballyOpenPorts: [443:UDP] => Enabled:ooVoo UDP port 443
    StandardProfile\GloballyOpenPorts: [37674:TCP] => Enabled:ooVoo TCP port 37674
    StandardProfile\GloballyOpenPorts: [37674:UDP] => Enabled:ooVoo UDP port 37674
    StandardProfile\GloballyOpenPorts: [37675:UDP] => Enabled:ooVoo UDP port 37675
    StandardProfile\GloballyOpenPorts: [56137:TCP] => Enabled:Pando Media Booster
    StandardProfile\GloballyOpenPorts: [56137:UDP] => Enabled:Pando Media Booster
    StandardProfile\GloballyOpenPorts: [8381:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [8381:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [8382:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [8382:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [8383:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [8383:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [8370:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [8370:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [6976:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6976:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6891:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6891:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6984:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6984:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6924:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6924:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6893:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6893:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6926:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6926:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6917:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6917:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6977:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6977:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6907:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6907:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6931:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6931:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6988:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6988:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6951:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6951:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6996:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6996:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6973:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6973:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6920:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6920:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6881:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6946:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6946:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6969:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6969:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6992:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6992:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6959:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6959:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6966:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6966:UDP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [8393:TCP] => Enabled:League of Legends Lobby
    StandardProfile\GloballyOpenPorts: [8393:UDP] => Enabled:League of Legends Lobby
    StandardProfile\GloballyOpenPorts: [8390:TCP] => Enabled:League of Legends Game Client
    StandardProfile\GloballyOpenPorts: [8390:UDP] => Enabled:League of Legends Game Client
    StandardProfile\GloballyOpenPorts: [6954:TCP] => Enabled:League of Legends Launcher
    StandardProfile\GloballyOpenPorts: [6954:UDP] => Enabled:League of Legends Launcher

    ==================== Faulty Device Manager Devices =============

    Name: Standard floppy disk controller
    Description: Standard floppy disk controller
    Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
    Manufacturer: (Standard floppy disk controllers)
    Service: fdc
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Nokia 6680
    Description: Nokia Windows Portable Device Driver
    Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Manufacturer: Nokia
    Service: WUDFRd
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Nokia 6300
    Description: Nokia Windows Portable Device Driver
    Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Manufacturer: Nokia
    Service: WUDFRd
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/21/2015 10:38:22 AM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

    Error: (08/21/2015 10:38:06 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (08/21/2015 10:38:06 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (08/21/2015 10:37:47 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (08/21/2015 10:37:47 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (08/21/2015 10:37:42 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (08/21/2015 10:37:42 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (08/20/2015 11:36:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (08/20/2015 11:36:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (08/20/2015 11:21:00 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.


    System errors:
    =============
    Error: (08/21/2015 10:47:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Salt In service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (08/21/2015 10:41:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/21/2015 10:41:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The RealNetworks Downloader Resolver Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/21/2015 10:39:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The igfx UI Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (08/21/2015 10:39:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The igfx UI Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (08/21/2015 10:39:43 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {577975B8-C40E-43E6-B0DE-4C6B44088B52} did not register with DCOM within the required timeout.

    Error: (08/21/2015 10:39:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Salt In service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (08/21/2015 10:39:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The ExtTag service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/21/2015 10:38:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Itchy Train service failed to start due to the following error:
    %%3

    Error: (08/21/2015 10:38:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
    %%2


    Microsoft Office:
    =========================
    Error: (03/16/2012 05:41:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2244 seconds with 780 seconds of active time. This session ended with a crash.

    Error: (10/26/2011 01:12:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 117 seconds with 0 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) Processor LE-1620
    Percentage of memory in use: 90%
    Total physical RAM: 1983.48 MB
    Available physical RAM: 185.65 MB
    Total Virtual: 3876.5 MB
    Available Virtual: 1853.41 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:107.42 GB) (Free:3.14 GB) NTFS
    Drive d: () (Fixed) (Total:125.45 GB) (Free:1.27 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 35BA35B9)
    Partition 1: (Active) - (Size=107.4 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=125.5 GB) - (Type=OF Extended)

    ==================== End of log ============================
     
  5. yeehow

    yeehow TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2015
    Ran by yeehow (administrator) on LIEW-F1417587CB (21-08-2015 11:06:45)
    Running from C:\Documents and Settings\yeehow\My Documents\Downloads
    Loaded Profiles: yeehow (Available Profiles: yeejin & yeehow & yeezhian & mayliew & Administrator & Guest)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 6 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BUFFALO INC.) C:\Program Files\BUFFALO\SLManagerEasy\Bufssvr.exe
    (InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    (Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
    (BUFFALO INC.) C:\Program Files\BUFFALO\SLManagerEasy\Inputps.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) D:\Accounting\MS SQL Server 2005E\MSSQL.2\MSSQL\Binn\sqlservr.exe
    (Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    (RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    () C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    (Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
    () C:\Program Files\igfx32\igfx32.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
    () C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe
    () C:\Program Files\Garena Plus\gaa\Garena Plus\GarenaMessenger.exe
    () C:\Program Files\Garena Plus\gaa\Garena Plus\ggdllhost.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    () C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\BBTalk.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (Solid State Networks) C:\Program Files\GarenaLoL\GameData\Apps\LoL\lol.exe
    () C:\Program Files\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (AVAST Software) C:\Documents and Settings\yeehow\My Documents\Downloads\avast_free_antivirus_setup.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (AVAST Software) C:\DOCUME~1\yeehow\LOCALS~1\Temp\_av_iup.tm~a04632\instup.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [APSDaemon] => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
    HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2003-10-31] (Cyberlink Corp.)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-15] (RealNetworks, Inc.)
    HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-15] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
    HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-unins...QAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANwAxAD (the data entry has 349 more characters).
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [QuickTime Task] => "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [BIBLauncher] => C:\Program Files\Business-in-a-Box\BIBLauncher.exe
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [GarenaPlus] => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
    AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\ExtTag\DonZozstring.dll => C:\Documents and Settings\All Users\Application Data\ExtTag\DonZozstring.dll [128000 2015-08-20] ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk [2014-05-23]
    ShortcutTarget: ZDWLan Utility.lnk -> C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
    Startup: C:\Documents and Settings\mayliew\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-19]
    ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\yeehow\Application Data\Dropbox\bin\Dropbox.exe (No File)
    Startup: C:\Documents and Settings\yeejin\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk [2010-05-22]
    ShortcutTarget: My_AutoWarkey_Script.lnk -> C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe (No File)
    HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE8HP&PC=B8DF
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXeXvOb402ijbbUMLfpacHKe8blXdRdbMIfcPPE-Cjul7SoRMLYo6aiCwCtMt82G3yLVICWyN5l7upEft
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXeXvOb402ijbbUMLfpacHKe8blXdRdbMIfcPPE-Cjul7SoRMLYo6aiCwCtMt82G3yLVICWyN5l7upEft
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXeXvOb402ijbbUMLfpacHKe8blXdRdbMIfcPPE-Cjul7SoRMLYo6aiCwCtMt82G3yLVICWyN5l7upEft
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE8HP&PC=B8DF
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://isearch.claro-search.com/?affID=115131&tt=3312_3&babsrc=HP_iclro&mntrId=785171670000000000001c7ee55da9f4
    HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    URLSearchHook: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\system32\shdocvw.dll (Microsoft Corporation)
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2356&r=2015/01/14&hid=11438438565546579678&lg=EN&cc=MY&unqvl=74
    SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
    SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={403C707D-A3BE-4D18-9432-1FB647272D88}&mid=692f4a65ca390ea81945f4c38f34ac5d-4a610747be0eed310e2c10440192e4236e074e76&lang=us&ds=AVG&pr=fr&d=2011-12-01 22:06:32&v=9.0.0.18&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {A6D5CBCB-40D4-421C-A70A-9FE2BE56E997} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=kwmusic_adr
    SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2356&r=2015/01/14&hid=11438438565546579678&lg=EN&cc=MY&unqvl=74
    SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
    BHO: Claro LTD Helper Object -> {000F18F2-09EB-4A59-82B2-5AE4184C39C3} -> C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll [2012-07-09] (Montera Technologeis LTD)
    BHO: Yahoo! Companion BHO -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO: No Name -> {377e5d4d-77e5-476a-8716-7e70a9272da0} -> No File
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: DigiSaveR -> {4f4124cd-09cb-4c08-9156-2d6e15f2c7a1} -> C:\Program Files\DigiSaveR\WGcH3saZaEX9KY.dll No File
    BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-24] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO: Rich Media Downloader -> {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -> C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll [2013-04-16] (Radiocom CJSC)
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
    BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-24] (Oracle Corporation)
    BHO: Rich Media Player -> {FEB703F7-E7B2-4AB0-9566-87658AC70095} -> C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll [2013-03-12] ()
    Toolbar: HKLM - &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
    Toolbar: HKLM - Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.6.4.1\claroTlbr.dll [2012-07-09] (Montera Technologeis LTD)
    Toolbar: HKLM - No Name - {377e5d4d-77e5-476a-8716-7e70a9272da0} - No File
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - No File
    Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - No File
    Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
    Filter: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - No File
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{26CEE3C0-771A-4FC4-82B3-8AE14B3A351F}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{8AB78108-20E8-4B8E-974B-DB58DDC07083}: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default
    FF DefaultSearchEngine: WebSearch
    FF DefaultSearchEngine,S: WebSearch
    FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=2356&r=2015/01/14&hid=11438438565546579678&lg=EN&cc=MY&unqvl=74&l=1&q=
    FF SearchEngineOrder.1: WebSearch
    FF SearchEngineOrder.1,S: WebSearch
    FF SelectedSearchEngine: WebSearch
    FF SelectedSearchEngine,S: WebSearch
    FF Homepage: C:\Documents and Settings\All Users\Application Data\ExtTags\ff.HP
    FF Keyword.URL: hxxp://websearch.thesearchpage.info/?pid=2356&r=2015/01/14&hid=11438438565546579678&lg=EN&cc=MY&unqvl=74&l=1&q=
    FF NewTab: C:\Documents and Settings\All Users\Application Data\ExtTags\ff.NT
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
    FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-24] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-24] (Oracle Corporation)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll [No File]
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-03] (Pando Networks)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-15] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-15] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-19] (globalUpdate)
    FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-19] (globalUpdate)
    FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-07-07] ( Garena)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1708537768-484763869-1801674531-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\yeehow\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-03] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1708537768-484763869-1801674531-1004: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-03] (Pando Networks)
    FF user.js: detected! => C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\user.js [2012-08-17]
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009-08-03] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-15] (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-03-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-03-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-03-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-03-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-03-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-03-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-03-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2013-03-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-15] (RealPlayer)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-10-27] (Nullsoft, Inc.)
    FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\Ask.xml [2013-09-25]
    FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\findit.xml [2015-08-20]
    FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\safesearch.xml [2015-07-03]
    FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\search-here.xml [2015-07-29]
    FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\WebSearch.xml [2015-02-15]
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2011-09-14]
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml [2013-09-25]
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-03-13]
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-08-17]
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2011-09-14]
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2013-05-25]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\findit.xml [2015-08-20]
    FF Extension: SavePass 1.1 - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com [2015-08-19]
    FF Extension: BestSavEFaorYoue - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\99ZsY@mz.net [2015-02-15]
    FF Extension: DisscountExteansi - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\eyj1uHM@w6Z.com [2015-02-15]
    FF Extension: youtubeadblocker - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\HmRtL027Xm@A.com [2015-02-15]
    FF Extension: JOONeiCeoupon - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\kYw@V6y.org [2015-02-15]
    FF Extension: uunisales - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\QS@A8Ra1UO7.com [2015-02-15]
    FF Extension: youtubeadblocker - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\T1@Y.org [2015-07-03]
    FF Extension: Fun2Savve - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\tMwuQDrDv@2.org [2015-02-15]
    FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-21]
    FF Extension: New tab - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\{22DA3B04-FD20-3544-DA68-52829EE1CE45} [2014-01-12]
    FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-09-11]
    FF Extension: Yahoo! Toolbar - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-07-08]
    FF Extension: Default Tab - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\addon@defaulttab.com.xpi [2013-09-25]
    FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013-12-29]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-29]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-29]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-04]
    FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-05]
    FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox
    FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-06-11]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: No Name - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-11-01]
    FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}
    FF Extension: Rich Media Player extension - C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013-05-25]
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-15]
    FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
    FF Extension: Norton Identity Safe Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2015-08-21]
     
  6. yeehow

    yeehow TS Rookie Topic Starter

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-15]
    CHR Extension: (Google Search) - C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-15]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-25]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-15]
    CHR Extension: (Gmail) - C:\Documents and Settings\yeehow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-15]
    CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Documents and Settings\yeehow\Application Data\Media Finder\Extensions\gencrawler_gc.crx <not found>
    CHR HKLM\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx [2013-04-16]
    CHR HKLM\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx [2013-02-28]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
    CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Documents and Settings\yeehow\Application Data\Media Finder\Extensions\mf_plugin_gc.crx <not found>
    CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-26]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 6to4; C:\windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
    R2 bufssvr; C:\Program Files\BUFFALO\SLManagerEasy\Bufssvr.exe [90112 2010-03-12] (BUFFALO INC.) [File not signed]
    R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
    R2 doonloaderaroductpeo; C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe [53760 2015-08-19] () [File not signed]
    S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-08-19] (globalUpdate) [File not signed] <==== ATTENTION
    S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-08-19] (globalUpdate) [File not signed] <==== ATTENTION
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 igfx32; C:\Program Files\igfx32\igfx32.exe [379392 2015-08-16] () [File not signed] <==== ATTENTION
    R2 MSSQL$SQLEXPRESS; d:\Accounting\MS SQL Server 2005E\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
    R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
    R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-15] (NVIDIA Corporation)
    S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed]
    R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-10-14] (WDC) [File not signed]
    R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
    S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
    S2 ExtTag; C:\Documents and Settings\All Users\Application Data\ExtTag\ExtTag [X]
    S2 Itchy Train; "C:\Program Files\Itchy Train\Itchy Train.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R5 ACPI; C:\windows\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)
    R1 AmdK8; C:\windows\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)
    R5 atapi; C:\windows\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
    S3 CCDECODE; C:\windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    R1 ccSet_NST; C:\windows\system32\drivers\NST\7DE070B0.02A\ccSetx86.sys [127064 2013-09-28] (Symantec Corporation)
    R5 Disk; C:\windows\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
    R5 dmio; C:\windows\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
    R5 dmload; C:\windows\System32\drivers\dmload.sys [5888 2001-08-23] (Microsoft Corp., Veritas Software.)
    R3 FETNDISB; C:\windows\System32\DRIVERS\dlkfet5b.sys [43008 2007-07-13] (D-Link )
    R5 FltMgr; C:\windows\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation)
    R2 fssfltr; C:\windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
    R5 Ftdisk; C:\windows\System32\DRIVERS\ftdisk.sys [125056 2001-08-23] (Microsoft Corporation)
    S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2009-12-03] (Windows (R) 2000 DDK provider)
    R5 isapnp; C:\windows\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
    R5 KSecDD; C:\windows\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
    R5 MountMgr; C:\windows\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
    R5 Mup; C:\windows\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
    R5 NDIS; C:\windows\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
    S3 NdisIP; C:\windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R5 nvata; C:\windows\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation)
    S3 NVENETFD; C:\windows\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation)
    R5 nvgts; C:\windows\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
    S3 nvnetbus; C:\windows\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation)
    R5 PartMgr; C:\windows\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
    R5 PCI; C:\windows\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
    R5 PCIIde; C:\windows\System32\DRIVERS\pciide.sys [3328 2001-08-23] (Microsoft Corporation)
    R5 PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [45648 2011-03-05] (Sonic Solutions)
    R5 sr; C:\windows\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
    R1 Tcpip6; C:\windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    R5 TPkd; C:\windows\system32\Drivers\TPkd.sys [86016 2009-12-23] (PACE Anti-Piracy, Inc.) [File not signed]
    R5 VolSnap; C:\windows\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)
    S3 WLAN(WLAN); C:\windows\System32\DRIVERS\zd1211u.sys [278016 2005-08-16] (ZyDAS Technology Corporation)
    R5 WudfPf; C:\windows\System32\DRIVERS\WudfPf.sys [77696 2008-01-18] (Microsoft Corporation)
    S3 ZD1211U(ZyDAS); C:\windows\System32\DRIVERS\zd1211u.sys [278016 2005-08-16] (ZyDAS Technology Corporation)
    S3 ZDPSp50; C:\windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    U4 aswSP; no ImagePath
    S3 GarenaPEngine; \??\C:\DOCUME~1\yeejin\LOCALS~1\Temp\UZLDF.tmp [X]
    S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\gaa\Garena Plus\Room\safedrv.sys [X]
    S4 IntelIde; no ImagePath
    S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
    S3 PcaSp50; system32\DRIVERS\PcaSp50.sys [X]
    S2 StarOpen; no ImagePath
    S3 tcpip helper; \??\C:\Program Files\Garena Plus\x86\tcpiphlp.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-21 11:08 - 2015-08-21 11:08 - 00043112 _____ (AVAST Software) C:\windows\ava2FA.tmp
    2015-08-21 11:06 - 2015-08-21 11:07 - 00000000 ___DC C:\FRST
    2015-08-21 11:04 - 2015-08-21 11:04 - 00000000 ____D C:\Program Files\AVAST Software
    2015-08-21 11:01 - 2015-08-21 11:02 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\AVAST Software
    2015-08-21 11:01 - 2015-08-21 11:01 - 00433264 _____ (AVAST Software) C:\windows\system32\Drivers\hosuvjxs.sys
    2015-08-20 22:10 - 2015-08-20 22:10 - 00000544 _____ C:\Documents and Settings\yeehow\Desktop\Shortcut to MP Navigator EX.lnk
    2015-08-20 21:54 - 2015-08-20 21:55 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\ExtTags
    2015-08-20 21:54 - 2015-08-20 21:55 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\ExtTag
    2015-08-20 21:52 - 2015-08-21 10:39 - 00001111 _____ C:\Documents and Settings\yeehow\Desktop\Google Chrome.lnk
    2015-08-20 11:40 - 2015-08-19 21:44 - 00053760 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\Tough-Cof
    2015-08-20 10:40 - 2015-08-19 21:44 - 00053760 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\Mathdonity
    2015-08-19 23:32 - 2015-08-19 23:32 - 00000000 ____D C:\Documents and Settings\yeehow\Local Settings\Application Data\TeamViewer
    2015-08-19 22:02 - 2013-09-30 15:07 - 02290688 _____ (Samsung Electronics Co., Ltd.) C:\Documents and Settings\yeehow\Desktop\Odin3 v3.09.exe
    2015-08-19 21:46 - 2015-08-21 10:46 - 00003110 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-1-6.job
    2015-08-19 21:46 - 2015-08-21 10:38 - 00003110 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-1-7.job
    2015-08-19 21:46 - 2015-08-21 10:38 - 00002418 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-5.job
    2015-08-19 21:45 - 2015-08-21 10:45 - 00005490 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-6.job
    2015-08-19 21:45 - 2015-08-21 10:45 - 00002084 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-10_user.job
    2015-08-19 21:45 - 2015-08-21 10:38 - 00005154 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-7.job
    2015-08-19 21:45 - 2015-08-21 10:38 - 00004130 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-4.job
    2015-08-19 21:45 - 2015-08-21 10:38 - 00004130 _____ C:\windows\Tasks\2b164832-4f49-438d-97d2-21c6c4b777d8-3.job
    2015-08-19 21:45 - 2015-08-21 10:38 - 00000870 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    2015-08-19 21:45 - 2015-08-19 23:46 - 00000000 ____D C:\Program Files\igfx32
    2015-08-19 21:45 - 2015-08-19 21:45 - 00000000 ____D C:\Program Files\globalUpdate
    2015-08-19 21:45 - 2015-08-19 21:45 - 00000000 ____D C:\Program Files\6dfe91b0-e7f7-42b7-b81b-6b7d496064f1
    2015-08-19 21:45 - 2015-08-19 21:45 - 00000000 ____D C:\Documents and Settings\yeehow\Local Settings\Application Data\globalUpdate
    2015-08-19 21:45 - 2015-08-19 21:44 - 00053760 _____ C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe
    2015-08-19 21:45 - 2015-08-19 21:44 - 00000187 _____ C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe.config
    2015-08-19 21:40 - 2015-08-19 21:43 - 06953016 _____ C:\Documents and Settings\yeehow\Desktop\T110.TWRP.2.7.0.1.tar.md5
    2015-08-19 21:28 - 2015-08-19 21:28 - 00000706 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
    2015-08-19 21:28 - 2015-08-19 21:28 - 00000000 ____D C:\Documents and Settings\yeehow\Application Data\TeamViewer
    2015-08-19 21:28 - 2015-08-19 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
    2015-08-19 21:27 - 2015-08-19 21:30 - 00000000 ____D C:\Program Files\TeamViewer
    2015-08-12 12:12 - 2015-08-12 12:12 - 09284296 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
    2015-08-02 08:11 - 2015-08-02 08:11 - 00000000 ____D C:\Documents and Settings\mayliew\Desktop\2015 Travel
    2015-08-02 08:03 - 2015-08-02 08:04 - 00000000 ____D C:\Documents and Settings\mayliew\Local Settings\Application Data\NVIDIA
    2015-07-24 13:15 - 2015-07-24 13:15 - 00311018 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1708537768-484763869-1801674531-1004-0.dat
    2015-07-24 13:01 - 2015-07-24 13:01 - 00000000 ____D C:\Documents and Settings\yeehow\Local Settings\Application Data\Nvidia Corporation
    2015-07-24 12:55 - 2015-07-24 12:55 - 00000000 ____D C:\Program Files\Common Files\Java
    2015-07-24 12:55 - 2015-07-24 12:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2015-07-24 12:55 - 2015-07-24 12:54 - 00146432 _____ (Oracle Corporation) C:\windows\system32\javacpl.cpl
    2015-07-24 12:55 - 2015-07-24 12:54 - 00096352 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
    2015-07-24 12:54 - 2015-07-24 12:54 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Oracle
    2015-07-24 12:52 - 2015-07-24 12:59 - 00000000 ____D C:\Documents and Settings\yeehow\Local Settings\Application Data\NVIDIA
    2015-07-24 12:52 - 2015-07-24 12:52 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    2015-07-24 12:52 - 2015-07-24 12:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-21 11:10 - 2009-12-03 22:06 - 00000000 ____D C:\Documents and Settings\yeehow\Local Settings\Temp
    2015-08-21 11:04 - 2009-12-03 22:01 - 01199736 _____ C:\windows\WindowsUpdate.log
    2015-08-21 10:48 - 2011-12-16 10:13 - 00000000 ____D C:\Documents and Settings\yeehow\Application Data\GarenaPlus
    2015-08-21 10:48 - 2011-09-04 14:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\GarenaMessenger
    2015-08-21 10:38 - 2015-06-01 11:32 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d09c1ba6deafaa.job
    2015-08-21 10:38 - 2015-05-22 11:34 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d09440280790bf.job
    2015-08-21 10:38 - 2014-11-17 19:49 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0025c9d2c9b9c.job
    2015-08-21 10:38 - 2014-11-12 18:36 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1cffe648a1ba1a8.job
    2015-08-21 10:38 - 2010-12-05 12:04 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-21 10:38 - 2010-01-30 13:33 - 00000382 _____ C:\windows\Tasks\FileCure Startup.job
    2015-08-21 10:38 - 2009-12-04 05:56 - 00000159 _____ C:\windows\wiadebug.log
    2015-08-21 10:38 - 2009-12-04 05:56 - 00000049 _____ C:\windows\wiaservc.log
    2015-08-21 10:37 - 2015-07-16 11:14 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0bf757a0293d4.job
    2015-08-21 10:37 - 2013-10-12 12:38 - 00000280 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1003.job
    2015-08-21 10:37 - 2013-07-09 22:41 - 00000280 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1004.job
    2015-08-21 10:37 - 2013-06-26 00:30 - 00000284 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1005.job
    2015-08-21 10:37 - 2013-04-20 15:11 - 00000306 _____ C:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1005.job
    2015-08-21 10:37 - 2012-11-15 03:06 - 00000280 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1004.job
    2015-08-21 10:37 - 2012-09-11 01:03 - 00000302 _____ C:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1004.job
    2015-08-21 10:37 - 2011-11-15 10:04 - 00000282 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1008.job
    2015-08-21 10:37 - 2011-10-29 16:36 - 00000282 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1007.job
    2015-08-21 10:37 - 2010-05-11 22:32 - 00000284 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1005.job
    2015-08-21 10:37 - 2010-04-09 15:46 - 00000280 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-484763869-1801674531-1003.job
    2015-08-21 10:37 - 2009-12-03 22:05 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2015-08-21 10:37 - 2009-12-03 22:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
    2015-08-21 00:35 - 2009-12-03 22:06 - 00000178 ___SH C:\Documents and Settings\yeehow\ntuser.ini
    2015-08-21 00:35 - 2009-12-03 22:05 - 00032540 _____ C:\windows\SchedLgU.Txt
    2015-08-21 00:32 - 2010-12-05 12:04 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-21 00:27 - 2013-04-20 15:11 - 00000332 _____ C:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1005.job
    2015-08-21 00:12 - 2012-07-31 15:57 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-08-20 21:55 - 2015-07-03 12:44 - 00000742 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2015-08-20 21:55 - 2011-11-07 16:28 - 00000116 _____ C:\Documents and Settings\yeezhian\Desktop\mozilla firefox.lnk
    2015-08-20 21:55 - 2011-08-26 19:25 - 00001825 _____ C:\Documents and Settings\yeezhian\Desktop\Google Chrome.lnk
    2015-08-20 21:53 - 2010-04-09 15:40 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    2015-08-20 21:50 - 2001-08-23 20:00 - 00002206 _____ C:\windows\system32\wpa.dbl
    2015-08-20 10:40 - 2009-12-03 22:54 - 00093480 _____ C:\Documents and Settings\yeehow\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2015-08-19 21:48 - 2009-12-04 05:52 - 00305216 _____ C:\windows\system32\FNTCACHE.DAT
    2015-08-19 21:27 - 2009-12-04 05:54 - 02107493 ____C C:\windows\FaxSetup.log
    2015-08-19 21:27 - 2009-12-04 05:54 - 01066840 ____C C:\windows\ocgen.log
    2015-08-19 21:27 - 2009-12-04 05:54 - 00983590 ____C C:\windows\tsoc.log
    2015-08-19 21:27 - 2009-12-04 05:54 - 00721656 _____ C:\windows\system32\PerfStringBackup.INI
    2015-08-19 21:27 - 2009-12-04 05:54 - 00715569 ____C C:\windows\comsetup.log
    2015-08-19 21:27 - 2009-12-04 05:54 - 00680822 ____C C:\windows\msmqinst.log
    2015-08-19 21:27 - 2009-12-04 05:54 - 00438100 ____C C:\windows\ntdtcsetup.log
    2015-08-19 21:27 - 2009-12-04 05:54 - 00372219 ____C C:\windows\netfxocm.log
    2015-08-19 21:27 - 2009-12-04 05:54 - 00342167 ____C C:\windows\iis6.log
    2015-08-19 21:27 - 2009-12-04 05:54 - 00147850 ____C C:\windows\MedCtrOC.log
    2015-08-19 21:27 - 2009-12-04 05:54 - 00118753 ____C C:\windows\ocmsn.log
    2015-08-19 21:27 - 2009-12-04 05:54 - 00106725 ____C C:\windows\msgsocm.log
    2015-08-19 21:27 - 2009-12-04 05:54 - 00105398 ____C C:\windows\tabletoc.log
    2015-08-19 21:27 - 2009-12-04 05:54 - 00004696 _____ C:\windows\imsins.log
    2015-08-17 22:26 - 2012-01-12 09:29 - 01112203 _____ C:\windows\setupapi.log
    2015-08-17 22:26 - 2009-12-04 05:52 - 00196899 _____ C:\windows\setupact.log
    2015-08-17 20:35 - 2013-06-02 16:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
    2015-08-17 12:12 - 2011-11-15 10:04 - 00000290 _____ C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-484763869-1801674531-1008.job
    2015-08-13 10:25 - 2013-07-22 00:30 - 00000000 ____D C:\windows\system32\MRT
    2015-08-13 10:03 - 2011-03-05 20:45 - 00000000 ____D C:\Documents and Settings\yeehow\Application Data\Skype
    2015-08-13 10:00 - 2009-12-04 21:44 - 129304528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-08-12 12:12 - 2012-07-31 15:57 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
    2015-08-12 12:12 - 2011-08-26 19:10 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
    2015-08-11 10:57 - 2013-02-20 21:02 - 00000000 ____D C:\Documents and Settings\yeehow\Desktop\Unused Desktop Shortcuts
    2015-08-07 16:19 - 2012-02-15 18:11 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    2015-08-05 10:29 - 2015-05-29 15:43 - 00000000 ____D C:\Documents and Settings\yeehow\Desktop\China 2010 no.3
    2015-08-02 08:19 - 2011-10-29 16:32 - 00000178 ___SH C:\Documents and Settings\mayliew\ntuser.ini
    2015-08-02 08:10 - 2011-10-29 16:32 - 00000000 ____D C:\Documents and Settings\mayliew\Local Settings\Temp
    2015-08-02 08:05 - 2013-06-01 15:42 - 00000000 ____D C:\Documents and Settings\mayliew\Local Settings\Application Data\Pokki
    2015-07-31 09:13 - 2011-11-12 20:16 - 00000000 ____D C:\Program Files\GarenaLoL
    2015-07-30 12:24 - 2011-10-28 21:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Garena
    2015-07-30 11:55 - 2015-06-12 17:41 - 00000936 _____ C:\Documents and Settings\All Users\Desktop\Garena+.lnk
    2015-07-24 13:15 - 2013-06-08 06:31 - 00311018 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2015-07-24 12:54 - 2009-12-04 16:35 - 00000000 ____D C:\Program Files\Java
    2015-07-24 12:52 - 2012-03-05 20:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation

    ==================== Files in the root of some directories =======

    2015-02-05 12:16 - 2015-02-15 14:59 - 0000020 _____ () C:\Documents and Settings\yeehow\Application Data\appdataFr3.bin
    2012-04-04 19:15 - 2012-04-04 19:15 - 0000000 _____ () C:\Documents and Settings\yeehow\Application Data\bibstats
    2011-04-24 11:18 - 2011-05-07 10:27 - 0046658 _____ () C:\Documents and Settings\yeehow\Application Data\room.dat
    2011-09-13 17:12 - 2015-06-05 11:50 - 0045194 _____ () C:\Documents and Settings\yeehow\Application Data\room_v3.dat
    2009-12-04 22:51 - 2015-06-04 18:51 - 0032256 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-03-03 21:31 - 2013-11-16 22:11 - 0000000 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\prvlcl.dat
    2015-08-19 21:45 - 2015-08-19 21:44 - 0053760 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe
    2015-08-19 21:45 - 2015-08-19 21:44 - 0000187 _____ () C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe.config

    Some files in TEMP:
    ====================
    C:\Documents and Settings\mayliew\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5wreix.dll
    C:\Documents and Settings\yeehow\Local Settings\Temp\9F0C.exe
    C:\Documents and Settings\yeehow\Local Settings\Temp\C658.exe
    C:\Documents and Settings\yeehow\Local Settings\Temp\D22F.exe
    C:\Documents and Settings\yeehow\Local Settings\Temp\E421.exe
    C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150521to150602.exe
    C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150602to150616.exe
    C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150616to150630.exe
    C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150630to150714v2.exe
    C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150714to150724.exe
    C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150724to150729.exe
    C:\Documents and Settings\yeehow\Local Settings\Temp\lol_patch_150729to150807.exe
    C:\Documents and Settings\yeehow\Local Settings\Temp\nsv10A.exe
    C:\Documents and Settings\yeehow\Local Settings\Temp\VersionModule.dll
    C:\Documents and Settings\yeehow\Local Settings\Temp\{3B0C0074-25F5-4CF0-85CF-8C9600CB5E71}-44.0.2403.155_chrome_installer.exe
    C:\Documents and Settings\yeejin\Local Settings\Temp\ose00000.exe


    Some zero byte size files/folders:
    ==========================
    C:\Windows\System32\nsprs.dll
    C:\Windows\System32\serauth1.dll
    C:\Windows\System32\serauth2.dll
    C:\Windows\System32\ssprs.dll

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\explorer.exe => File is digitally signed
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of log ============================
     
  7. yeehow

    yeehow TS Rookie Topic Starter

    Please help me, Broni (Malware Annihilator)
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Uninstall the following unwanted programs:

    BasicFix
    Bundled software uninstaller
    Claro LTD toolbar on IE
    DefaultTab Chrome
    Free Zip 9.20
    Rich Media Player


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  9. yeehow

    yeehow TS Rookie Topic Starter

    Can uninstall these
    BasicFix
    Bundled software uninstaller
    Rich Media Player
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Thanks for letting me know.
    Go ahead with other steps.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Still with me?
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
