Inactive-A Hanging pc

soomia

Hi everyone,
My PC has been facing a hanging problem for a few days, showing virus attacked. I ran Farbar Recovery Scan Tool (FRST) as you recommended. The FRST scan log is below. Now what should I do?
A recommendation would be appreciated.
Awaiting reply...
Thanks
first.exe
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015 01
Ran by bb (administrator) on BABAR-EA758DD71 on 19-04-2015 20:48:55
Running from F:\New Folder (3)
Loaded Profiles: bb (Available profiles: bb)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINXP\System32\SMSS.EXE
(Microsoft Corporation) C:\WINXP\System32\CSRSS.EXE
(Microsoft Corporation) C:\WINXP\System32\WINLOGON.EXE
(Microsoft Corporation) C:\WINXP\System32\SERVICES.EXE
(Microsoft Corporation) C:\WINXP\System32\LSASS.EXE
(Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
(Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
(Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
(Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
(Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
(Fuyu LIMITED) C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\winzipersvc.exe
(Microsoft Corporation) C:\WINXP\System32\SPOOLSV.EXE
(Microsoft Corporation) C:\WINXP\System32\SCARDSVR.EXE
(Cinema PlusV23.02) C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-6.exe
(Cinema PlusV23.02) C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-10.exe
() C:\Program Files\ver4BlockAndSurf\K5BlockAndSurfm.exe
(Cinema PlusV23.02) C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-6.exe
(Microsoft Corporation) C:\WINXP\EXPLORER.EXE
(Microsoft Corporation) C:\WINXP\System32\CTFMON.EXE
() C:\Program Files\ver4BlockAndSurf\d2BlockAndSurfQD178.exe
(iMesh Inc) C:\Program Files\Music App\Datamngr\DatamngrCoordinator.exe
() C:\Documents and Settings\BB\Application Data\VOPackage\VOsrv.exe
(iMesh Inc) C:\Program Files\Music App\Datamngr\DatamngrCoordinator.exe
(Microsoft Corporation) C:\WINXP\System32\RUNDLL32.EXE
(iMesh Inc) C:\Program Files\Music App\Datamngr\DatamngrUI.exe
() C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Microsoft Corporation) C:\WINXP\System32\ALG.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Intel Corporation) C:\WINXP\System32\hkcmd.exe
(Intel Corporation) C:\WINXP\System32\igfxpers.exe
(http://lucky-tab.com/) C:\Program Files\LuckyTab\LuckyTab.exe
() C:\WINXP\System32\system3_.exe
(Microsoft Corporation) C:\WINXP\System32\WScript.exe
(Microsoft Corporation) D:\Office12\GrooveMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0\bin\jusched.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Documents and Settings\BB\Application Data\uTorrent\uTorrent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Documents and Settings\All Users\Application Data\{3eb4fb0a-b4b0-7a0c-3eb4-4fb0ab4bec2a}\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar(1).exe
(Microsoft Corporation) C:\WINXP\System32\WBEM\wmiprvse.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
(Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\WinZipper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
(Microsoft Corporation) C:\WINXP\System32\notepad.exe
(Microsoft Corporation) C:\WINXP\System32\notepad.exe
(Microsoft Corporation) C:\WINXP\System32\notepad.exe
 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxtray] => C:\WINXP\system32\igfxtray.exe [94208 2006-04-01] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINXP\system32\hkcmd.exe [77824 2006-04-01] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINXP\system32\igfxpers.exe [114688 2006-04-01] (Intel Corporation)
HKLM\...\Run: [Search Protection] => C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe [903168 2013-06-11] (Visicom Media Inc.)
HKLM\...\Run: [LuckyTab] => C:\Program Files\LuckyTab\LuckyTab.exe [1394112 2015-02-23] (http://lucky-tab.com/)
HKLM\...\Run: [WinCheck] => C:\Documents and Settings\bb\Local Settings\Application Data\AFD5BC98-1424707478-D835-B78A-9EC428C0FBB6\bnsuF6.exe [253952 2015-02-23] ()
HKLM\...\Run: [ConvertAd] => C:\Documents and Settings\bb\Local Settings\Application Data\ConvertAd\ConvertAd.exe [2068992 2014-09-20] ()
HKLM\...\Run: [asodakaossd] => C:\WINXP\system32\cmd.exe /c start C:\Documents" "and" "Settings\bb\Application" "Data\aiasfacoiaksf.vbs exit
HKLM\...\Run: [GrooveMonitor] => D:\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0\bin\jusched.exe [77824 2015-04-02] (Sun Microsystems, Inc.)
HKLM\...\Winlogon: [Userinit] C:\WINXP\System32\Userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe system3_.exe [x ] ()
HKLM\...\Winlogon: [UIHost] C:\WINXP\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINXP\system32\crypt32.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINXP\system32\cryptnet.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINXP\system32\cscdll.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINXP\System32\dimsntfy.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINXP\system32\igfxdev.dll [2006-04-01] (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINXP\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINXP\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINXP\system32\sclgntfy.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINXP\system32\WlNotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINXP\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\TPSvc: TPSvc.dll [X]
Winlogon\Notify\wlballoon: C:\WINXP\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINXP\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINXP\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [ctfmon.exe] => C:\WINXP\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [uTorrent] => C:\Documents and Settings\bb\Application Data\uTorrent\uTorrent.exe [1442384 2015-03-26] (BitTorrent Inc.)
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [Viber] => "C:\Documents and Settings\bb\Local Settings\Application Data\Viber\Viber.exe"
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [Yahoo Messengger] => C:\WINXP\system32\system3_.exe [828929 2011-09-13] ()
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [SoftonicAssistant] => C:\Documents and Settings\bb\Local Settings\Application Data\SoftonicAssistant\SoftonicAssistant.exe [1835976 2015-03-25] ()
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [asodakaossd] => C:\WINXP\system32\cmd.exe /c start C:\Documents" "and" "Settings\bb\Application" "Data\aiasfacoiaksf.vbs exit
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [MaxigetMasterUpdate] => C:\Program Files\Maxiget\Master\Updater\MasterUpdater.exe [554256 2015-03-27] ()
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Policies\Explorer: [NofolderOptions] 1
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\MountPoints2: {852349ce-23f9-11e4-b0d7-00112554c681} - H:\AutoRun.exe
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\MountPoints2: {9e4f4c54-238f-11e4-b0d3-00112554c681} - H:\AutoRun.exe
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINXP\system32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINXP\system32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-04-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\bb\Start Menu\Programs\Startup\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar.lnk [2015-02-23]
ShortcutTarget: Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar.lnk -> C:\Documents and Settings\All Users\Application Data\{44cfcb08-d445-95e6-44cf-fcb08d442c23}\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar.exe ()
Startup: C:\Documents and Settings\bb\Start Menu\Programs\Startup\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar(1).lnk [2015-02-23]
ShortcutTarget: Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar(1).lnk -> C:\Documents and Settings\All Users\Application Data\{3eb4fb0a-b4b0-7a0c-3eb4-4fb0ab4bec2a}\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar(1).exe ()
Startup: C:\Documents and Settings\bb\Start Menu\Programs\Startup\asodakaossd.lnk [2015-02-23]
ShortcutTarget: asodakaossd.lnk -> C:\WINXP\system32\cmd.exe (Microsoft Corporation)
HKLM\...\AppCertDlls: [x64] -> c:\program files\music app\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Music App\Datamngr\apcrtldr.dll [493800 2014-12-11] () <===== ATTENTION
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Office12\GRA8E1~1.DLL [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Office12\GRA8E1~1.DLL [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Office12\GRA8E1~1.DLL [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Office12\GRA8E1~1.DLL [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Office12\GRA8E1~1.DLL [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-1960408961-1336601894-1644491937-1003] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1960408961-1336601894-1644491937-1003] => http=127.0.0.1:13814;https=127.0.0.1:13814
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mydreamworld.50webs.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mydreamworld.50webs.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mydreamworld.50webs.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mydreamworld.50webs.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?...m12233&uid=ST340015A_5LAMEEKS&q={searchTerms}
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mydreamworld.50webs.com
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.mydreamworld.50webs.com
http://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1949&v=u13661-438&t=4
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1420056892&from=wpm12233&uid=ST340015A_5LAMEEKS
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?...m12233&uid=ST340015A_5LAMEEKS&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://Vosteran.com/?f=2&a=vst_aw_1...tGyEyEzzzz0AtAtAyE0CyD0B0C2Q&cr=548010498&ir=" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?...hid=15972353139034990715&lg=EN&cc=PK&unqvl=82
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4...tGyEyEzzzz0AtAtAyE0CyD0B0C2Q&cr=548010498&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1410574354&from=cor&uid=ST340015A_5LAMEEKS&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ie...E001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?...hid=15972353139034990715&lg=EN&cc=PK&unqvl=82
SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?...m12233&uid=ST340015A_5LAMEEKS&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=jomedia&id=dlsecuretb&v=1_0&ent=ch_6265&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {908E8EB7-E197-40F7-829F-A09C0595B81E} URL = http://Vosteran.com/results.php?f=4...tGyEyEzzzz0AtAtAyE0CyD0B0C2Q&cr=548010498&ir=
SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ie...E001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?...hid=15972353139034990715&lg=EN&cc=PK&unqvl=82
SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll No File
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: SaoVeeLots -> {128d88fe-61b0-4cbe-bdff-933ff1510a26} -> C:\Program Files\SaoVeeLots\Zpy298cMqIg52c.dll [2015-04-11] ()
BHO: NettoCOouppon -> {1ecf1e0b-5dd2-458f-baf8-764495f8b345} -> C:\Program Files\NettoCOouppon\8V9ZWsS2LJDwn3.dll [2015-03-22] ()
BHO: DiggiCouPon -> {4ba712f2-5bad-4150-8c57-c2c4ce95eef7} -> C:\Program Files\DiggiCouPon\A15KHh1LhPiOdd.dll No File
BHO: RoboSaverr -> {559612db-e061-4ee6-adb5-f081b815f061} -> C:\Program Files\RoboSaverr\RFXWB0KQINCWEK.dll [2015-04-11] ()
BHO: DigiiSaver -> {6448049c-b183-4970-8076-9931effa93f2} -> C:\Program Files\DigiiSaver\Y3q1qbE6twWwVd.dll [2015-03-22] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Office12\GRA8E1~1.DLL [2006-10-27] (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2015-04-02] (Sun Microsystems, Inc.)
BHO: CooupaExetoennsion -> {9e0869c4-b955-4b13-9fca-db45ee23d651} -> C:\Program Files\CooupaExetoennsion\ReM7KLHtEEpjdl.dll No File
BHO: AlLSoAver -> {a67c2fed-5e7c-42e2-8b32-2be6467eae5c} -> C:\Program Files\AlLSoAver\DoVTZB4SqOPZTs.dll No File
BHO: IusavEr -> {b37978ed-53e4-454f-b1e9-357eb956d0f9} -> C:\Program Files\IusavEr\pmciGLvc6GRGWp.dll No File
BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files\Smileys We Love Toolbar for IE\adxloader.dll No File
Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files\Smileys We Love Toolbar for IE\adxloader.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINXP\system32\urlmon.dll [2011-06-14] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GR99D3~1.DLL [2006-10-27] (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINXP\system32\wiascr.dll [2008-04-14] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINXP\system32\SHELL32.dll [2011-03-08] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINXP\system32\winrnr.dll [16896] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINXP\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINXP\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 20 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 21 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.look-for-it.info/?pid=1091&r=2015/02/23&hid=15972353139034990715&lg=EN&cc=PK&unqvl=82&l=1&q=
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1949&v=a14976-438&t=4
FF SelectedSearchEngine: Ask.com
FF DefaultSearchEngine: Ask.com
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1949&systemid=1&v=a14976-438&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=0474232664624032&o=APN10653&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINXP\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @omaha.maxiget.com/Maxiget Updater;version=3 -> C:\Program Files\Maxiget\Updater\70.3.31.7019\npMaxigetUpdater3.dll [2015-02-28] (Maxiget Ltd.)
FF Plugin: @omaha.maxiget.com/Maxiget Updater;version=9 -> C:\Program Files\Maxiget\Updater\70.3.31.7019\npMaxigetUpdater3.dll [2015-02-28] (Maxiget Ltd.)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF user.js: detected! => C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\user.js [2015-03-16]
FF SearchPlugin: C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\searchplugins\Vosteran.xml [2014-12-03]
FF SearchPlugin: C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\searchplugins\WebSearch.xml [2015-02-23]
FF SearchPlugin: C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\searchplugins\Ask.xml [2015-04-18]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml [2015-04-18]
FF Extension: IIsaveur - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\V@G7kzZ.com [2015-02-23]
FF Extension: DigiSAver - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\tg@tGikS.net [2015-02-23]
FF Extension: eastasianeunheui - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\eastasian@eunheui [2015-03-01]
FF Extension: FUn2Save - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\z@WgpV2y94e.org [2015-03-03]
FF Extension: No Name - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\OIBMBKA115048682@HYKFIU97176590.com [2015-03-19]
FF Extension: RoboSaverr - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\5KqTox@z.org [2015-03-23]
FF Extension: No Name - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\bingsearch.full@microsoft.com [2015-03-29]
FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\jid1-FB1bBgFMk5H6Wg@jetpack.xpi [2015-02-24]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2015-04-02]
FF HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\bb\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\bb\Application Data\IDM\idmmzcc5 [2015-03-13]
FF HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\bb\Application Data\IDM\idmmzcc5
 
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-16]
CHR Extension: (Google Sheets) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (Google Slides) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Music App) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaaikjhckghnoaaaehhmgjcfajoabi [2015-03-16]
CHR Extension: (Google Docs) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-16]
CHR Extension: (Gmail) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-16]
CHR Extension: (Vosteran New Tab) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-03-17]
CHR Extension: (Google Drive) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-16]
CHR Extension: (Google Search) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-16]
CHR Extension: (YouTube) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-16]
CHR Extension: (Ask Search) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaajhmeplfccacopbgpfaibalfnhcb [2015-03-17]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-29]
CHR Extension: (History) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\phaehjbfndonoealmdlbliedgiabmcdd [2015-03-22]
CHR HKLM\...\Chrome\Extension: [aaaaaikjhckghnoaaaehhmgjcfajoabi] - C:\Documents and Settings\bb\Local Settings\Application Data\imeshmusicboxtoolbarnew\GC\toolbar.crx [2014-07-02]
CHR HKLM\...\Chrome\Extension: [aaaaajhmeplfccacopbgpfaibalfnhcb] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaajhmeplfccacopbgpfaibalfnhcb.crx [2014-09-22]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Documents and Settings\bb\Local Settings\Temp\swlfiles\smileyswelovetoolbar.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (CinemaP-1.9cV23.02) - C:\Documents and Settings\bb\Application Data\Opera Software\Opera Stable\Extensions\kcdeaofcapijfmeopimkgcepdpbdepnb [2015-02-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe [268464 2015-04-16] (Adobe Systems Incorporated)
S4 Alerter; C:\WINXP\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
R3 ALG; C:\WINXP\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-19] (APN LLC.)
S3 AppMgmt; C:\WINXP\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
S3 aspnet_state; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [29896 2005-09-23] (Microsoft Corporation)
R2 AudioSrv; C:\WINXP\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
R2 BITS; C:\WINXP\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
R2 BlockAndSurf; C:\Program Files\ver4BlockAndSurf\d2BlockAndSurfQD178.exe [304128 2015-02-23] () [File not signed]
S2 Browser; C:\WINXP\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation)
S3 CiSvc; C:\WINXP\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S4 ClipSrv; C:\WINXP\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66240 2005-09-23] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
R2 CryptSvc; C:\WINXP\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DatamngrCoordinator; C:\Program Files\Music App\Datamngr\DatamngrCoordinator.exe [3574504 2014-12-11] (iMesh Inc)
R2 DcomLaunch; C:\WINXP\system32\rpcss.dll [401408 2010-09-16] (Microsoft Corporation)
R2 Dhcp; C:\WINXP\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINXP\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINXP\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINXP\System32\dnsrslvr.dll [45568 2011-04-12] (Microsoft Corporation)
S3 Dot3svc; C:\WINXP\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
R2 dozohylo; C:\Documents and Settings\bb\Application Data\VOPackage\VOsrv.exe [141312 2015-02-23] () [File not signed] <==== ATTENTION
R2 e2dd4ab2; c:\Program Files\StormSaver\StormSaver.dll [1606144 2015-02-23] () [File not signed]
S3 EapHost; C:\WINXP\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
R2 ERSvc; C:\WINXP\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINXP\system32\services.exe [110592 2010-09-16] (Microsoft Corporation)
R3 EventSystem; C:\WINXP\system32\es.dll [253952 2010-09-16] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINXP\System32\shsvcs.dll [135168 2011-03-08] (Microsoft Corporation)
R2 helpsvc; C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
R2 HidServ; C:\WINXP\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINXP\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
R3 HTTPFilter; C:\WINXP\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 ImapiService; C:\WINXP\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
R2 LanmanServer; C:\WINXP\System32\srvsvc.dll [99840 2010-10-12] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINXP\System32\wkssvc.dll [134144 2010-09-16] (Microsoft Corporation)
R2 LmHosts; C:\WINXP\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 Messenger; C:\WINXP\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S2 mglupdate; C:\Program Files\Maxiget\Updater\MaxigetUpdater.exe [132632 2015-02-28] (Maxiget Ltd.)
S3 mglupdatem; C:\Program Files\Maxiget\Updater\MaxigetUpdater.exe [132632 2015-02-28] (Maxiget Ltd.)
S3 Microsoft Office Groove Audit Service; D:\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
S3 mnmsrvc; C:\WINXP\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINXP\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINXP\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
S3 napagent; C:\WINXP\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
S4 NetDDE; C:\WINXP\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINXP\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S3 Netlogon; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINXP\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
R3 Nla; C:\WINXP\System32\mswsock.dll [245248 2011-04-12] (Microsoft Corporation)
S3 NtLmSsp; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINXP\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 PlugPlay; C:\WINXP\system32\services.exe [110592 2010-09-16] (Microsoft Corporation)
R2 PolicyAgent; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 RasAuto; C:\WINXP\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\WINXP\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINXP\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6079848 2015-01-14] (Reimage®)
S4 RemoteAccess; C:\WINXP\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINXP\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINXP\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINXP\system32\rpcss.dll [401408 2010-09-16] (Microsoft Corporation)
S3 RSVP; C:\WINXP\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation)
R2 SamSs; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 SCardSvr; C:\WINXP\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
R2 Schedule; C:\WINXP\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINXP\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
R2 SENS; C:\WINXP\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINXP\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINXP\System32\shsvcs.dll [135168 2011-03-08] (Microsoft Corporation)
R2 Spooler; C:\WINXP\system32\spoolsv.exe [58880 2010-09-16] (Microsoft Corporation)
R2 srservice; C:\WINXP\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
R3 SSDPSRV; C:\WINXP\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
R2 stisvc; C:\WINXP\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINXP\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
R3 TapiSrv; C:\WINXP\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R3 TermService; C:\WINXP\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
R2 Themes; C:\WINXP\System32\shsvcs.dll [135168 2011-03-08] (Microsoft Corporation)
S4 TlntSvr; C:\WINXP\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
R2 TrkWks; C:\WINXP\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
S3 upnphost; C:\WINXP\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINXP\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINXP\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINXP\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
S3 WebClient; C:\WINXP\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2014-12-26] (Fuyu LIMITED) [File not signed]
R2 winmgmt; C:\WINXP\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [425648 2015-01-28] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
S3 WmdmPmSN; C:\WINXP\system32\mspmsnsv.dll [27136 2010-09-16] (Microsoft Corporation)
S3 Wmi; C:\WINXP\System32\advapi32.dll [617472 2010-09-16] (Microsoft Corporation)
S3 WmiApSrv; C:\WINXP\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Microsoft Corporation)
R2 wscsvc; C:\WINXP\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINXP\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
S3 WudfSvc; C:\WINXP\System32\WUDFSvc.dll [55808 2010-09-16] (Microsoft Corporation)
R2 WZCSVC; C:\WINXP\System32\wzcsvc.dll [483840 2011-06-14] (Microsoft Corporation)
S3 xmlprov; C:\WINXP\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
S2 Broadband. RunOuc; C:\Program Files\Broadband\UpdateDog\ouc.exe [X]
S3 COMSysApp; C:\WINXP\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
S3 SwPrv; C:\WINXP\system32\dllhost.exe /Processid:{5B7154B9-65DE-47EC-9187-A09D54AB900C}

==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINXP\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)
S4 ACPIEC; C:\WINXP\system32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation)
S3 aec; C:\WINXP\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINXP\System32\drivers\afd.sys [138496 2011-06-14] (Microsoft Corporation)
S3 aswTap; C:\WINXP\System32\DRIVERS\aswTap.sys [35272 2014-04-22] (The OpenVPN Project)
S3 AsyncMac; C:\WINXP\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation)
R0 atapi; C:\WINXP\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
S3 Atmarpc; C:\WINXP\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
R3 audstub; C:\WINXP\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R3 b57w2k; C:\WINXP\System32\DRIVERS\b57xp32.sys [134272 2006-04-01] (Broadcom Corporation)
R1 Beep; C:\WINXP\system32\Drivers\Beep.sys [4224 2008-04-14] (Microsoft Corporation)
S4 cbidf2k; C:\WINXP\system32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation)
S3 CCDECODE; C:\WINXP\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S1 Cdaudio; C:\WINXP\system32\Drivers\Cdaudio.sys [18688 2011-06-14] (Microsoft Corporation)
R4 Cdfs; C:\WINXP\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation)
R1 Cdrom; C:\WINXP\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation)
R0 Disk; C:\WINXP\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
S4 dmboot; C:\WINXP\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINXP\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINXP\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINXP\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINXP\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
S3 ewusbnet; C:\WINXP\System32\DRIVERS\ewusbnet.sys [245376 2014-08-14] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\WINXP\System32\DRIVERS\ew_hwusbdev.sys [102784 2014-08-14] (Huawei Technologies Co., Ltd.)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files\Music App\Datamngr\setmgrc3.cfg [38496 2014-12-11] (iMesh Inc)
R4 Fastfat; C:\WINXP\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)
R3 Fdc; C:\WINXP\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation)
R1 Fips; C:\WINXP\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
S3 Flpydisk; C:\WINXP\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation)
R0 FltMgr; C:\WINXP\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation)
U1 Fs_Rec; C:\WINXP\system32\Drivers\Fs_Rec.sys [7936 2008-04-14] (Microsoft Corporation)
R0 Ftdisk; C:\WINXP\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation)
R3 Gpc; C:\WINXP\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
R3 HidUsb; C:\WINXP\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation)
R3 HTTP; C:\WINXP\System32\Drivers\HTTP.sys [265728 2010-09-16] (Microsoft Corporation)
R3 huawei_enumerator; C:\WINXP\System32\DRIVERS\ew_jubusenum.sys [76544 2014-08-14] (Huawei Technologies Co., Ltd.)
S3 hwdatacard; C:\WINXP\System32\DRIVERS\ewusbmdm.sys [199168 2014-08-14] (Huawei Technologies Co., Ltd.)
S1 i8042prt; C:\WINXP\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation)
R3 ialm; C:\WINXP\System32\DRIVERS\ialmnt5.sys [1049180 2006-04-01] (Intel Corporation)
R1 IDMTDI; C:\WINXP\System32\DRIVERS\idmtdi.sys [124664 2015-03-03] (Tonec Inc.)
S1 Imapi; C:\WINXP\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
R0 IntelIde; C:\WINXP\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINXP\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation)
S3 Ip6Fw; C:\WINXP\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINXP\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation)
S3 IpInIp; C:\WINXP\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
R3 IpNat; C:\WINXP\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)
R1 IPSec; C:\WINXP\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
S3 IRENUM; C:\WINXP\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation)
R0 isapnp; C:\WINXP\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
R1 Kbdclass; C:\WINXP\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
R1 kbdhid; C:\WINXP\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation)
R3 kmixer; C:\WINXP\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINXP\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R1 mnmdd; C:\WINXP\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation)
S3 Modem; C:\WINXP\system32\Drivers\Modem.sys [30080 2011-06-14] (Microsoft Corporation)
R1 Mouclass; C:\WINXP\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
R3 mouhid; C:\WINXP\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINXP\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
S3 MRxDAV; C:\WINXP\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation)
R1 MRxSmb; C:\WINXP\System32\DRIVERS\mrxsmb.sys [457856 2011-06-14] (Microsoft Corporation)
R1 Msfs; C:\WINXP\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
S3 MSKSSRV; C:\WINXP\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINXP\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINXP\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINXP\System32\DRIVERS\mssmbios.sys [15488 2011-06-14] (Microsoft Corporation)
S3 MSTEE; C:\WINXP\System32\drivers\MSTEE.sys [5504 2008-04-13] (Microsoft Corporation)
R0 Mup; C:\WINXP\system32\Drivers\Mup.sys [105472 2011-06-14] (Microsoft Corporation)
S3 NABTSFEC; C:\WINXP\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
R0 NDIS; C:\WINXP\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINXP\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINXP\System32\DRIVERS\ndistapi.sys [10112 2008-04-14] (Microsoft Corporation)
R3 Ndisuio; C:\WINXP\System32\DRIVERS\ndisuio.sys [14592 2011-06-14] (Microsoft Corporation)
R3 NdisWan; C:\WINXP\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation)
R3 NDProxy; C:\WINXP\system32\Drivers\NDProxy.sys [40960 2010-12-14] (Microsoft Corporation)
R1 NetBIOS; C:\WINXP\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation)
R1 NetBT; C:\WINXP\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation)
R1 Npfs; C:\WINXP\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation)
R4 Ntfs; C:\WINXP\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation)
R1 Null; C:\WINXP\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINXP\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINXP\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation)
R3 Parport; C:\WINXP\System32\DRIVERS\parport.sys [80128 2011-06-14] (Microsoft Corporation)
R0 PartMgr; C:\WINXP\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
R2 ParVdm; C:\WINXP\system32\Drivers\ParVdm.sys [6784 2008-04-14] (Microsoft Corporation)
R0 PCI; C:\WINXP\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
R0 PCIIde; C:\WINXP\system32\Drivers\PCIIde.sys [3328 2008-04-14] (Microsoft Corporation)
S4 Pcmcia; C:\WINXP\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)
R3 PptpMiniport; C:\WINXP\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation)
R3 PSched; C:\WINXP\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
R3 Ptilink; C:\WINXP\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINXP\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation)
R3 Rasl2tp; C:\WINXP\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation)
R3 RasPppoe; C:\WINXP\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation)
R3 Raspti; C:\WINXP\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation)
R1 Rdbss; C:\WINXP\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation)
R1 RDPCDD; C:\WINXP\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation)
R3 rdpdr; C:\WINXP\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
S3 RDPWD; C:\WINXP\system32\Drivers\RDPWD.sys [139656 2008-04-14] (Microsoft Corporation)
R1 redbook; C:\WINXP\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
S3 Secdrv; C:\WINXP\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 serenum; C:\WINXP\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation)
R1 Serial; C:\WINXP\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation)
S1 Sfloppy; C:\WINXP\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)
S3 SLIP; C:\WINXP\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 splitter; C:\WINXP\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sr; C:\WINXP\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
R3 Srv; C:\WINXP\System32\DRIVERS\srv.sys [357888 2011-04-12] (Microsoft Corporation)
S3 streamip; C:\WINXP\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R3 swenum; C:\WINXP\System32\DRIVERS\swenum.sys [4352 2011-06-14] (Microsoft Corporation)
S3 swmidi; C:\WINXP\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R3 sysaudio; C:\WINXP\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
R1 Tcpip; C:\WINXP\System32\DRIVERS\tcpip.sys [361600 2011-04-12] (Microsoft Corporation)
S3 TDPIPE; C:\WINXP\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
S3 TDTCP; C:\WINXP\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
R1 TermDD; C:\WINXP\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
S4 Udfs; C:\WINXP\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)
R3 Update; C:\WINXP\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
S3 usbaudio; C:\WINXP\System32\drivers\usbaudio.sys [60032 2008-04-13] (Microsoft Corporation)
S3 usbccgp; C:\WINXP\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation)
S3 USBCCID; C:\WINXP\System32\DRIVERS\usbccid.sys [28672 2014-08-14] (Microsoft Corporation)
R3 usbehci; C:\WINXP\System32\DRIVERS\usbehci.sys [30208 2008-04-14] (Microsoft Corporation)
R3 usbhub; C:\WINXP\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
S3 USBSTOR; C:\WINXP\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation)
R3 usbuhci; C:\WINXP\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation)
S3 usbvideo; C:\WINXP\System32\Drivers\usbvideo.sys [121984 2008-04-13] (Microsoft Corporation)
R1 VgaSave; C:\WINXP\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation)
R3 VIAudio; C:\WINXP\System32\drivers\vinyl97.sys [163712 2006-04-01] (VIA Technologies, Inc.) [File not signed]
R0 VolSnap; C:\WINXP\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)
R3 Wanarp; C:\WINXP\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation)
R3 Wdf01000; C:\WINXP\System32\Drivers\wdf01000.sys [503008 2008-03-27] (Microsoft Corporation)
R3 wdmaud; C:\WINXP\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
S3 WSTCODEC; C:\WINXP\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 WudfPf; C:\WINXP\System32\DRIVERS\WudfPf.sys [77568 2010-09-16] (Microsoft Corporation)
S3 WudfRd; C:\WINXP\System32\DRIVERS\wudfrd.sys [82944 2010-09-16] (Microsoft Corporation)
R1 {7afe3a9e-a637-49a8-9084-bf73405b41b6}t; C:\WINXP\System32\drivers\{7afe3a9e-a637-49a8-9084-bf73405b41b6}t.sys [55768 2014-09-24] (StdLib)
S3 cpuz134; \??\C:\DOCUME~1\bb\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 gfiark; system32\drivers\gfiark.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S1 sbaphd; system32\drivers\sbaphd.sys [X]
S2 sbapifs; system32\drivers\sbapifs.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 20:43 - 2015-04-19 20:43 - 00000000 ____D () C:\FRST
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\F.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\E.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\D.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\C.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\B.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\A.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\24.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\23.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\22.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\21.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\20.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\1F.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\1E.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\1D.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\1C.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\1B.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\1A.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\19.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\18.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\17.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\16.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\15.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\14.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\13.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\12.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\11.tmp
2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\10.tmp
2015-04-19 15:54 - 2015-04-19 19:42 - 00000720 _____ () C:\WINXP\setupact.log
2015-04-19 15:54 - 2015-04-19 15:54 - 00000000 _____ () C:\WINXP\setuperr.log
2015-04-19 01:40 - 2015-04-19 01:41 - 00000000 ____D () C:\Documents and Settings\bb\e
2015-04-18 16:25 - 2015-04-18 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Datamngr
2015-04-18 03:33 - 2015-04-18 03:34 - 00001410 _____ () C:\WINXP\setupapi.log
2015-04-18 00:57 - 2015-04-18 00:57 - 00000000 __SHD () C:\FOUND.078
2015-04-17 01:14 - 2015-04-17 01:14 - 00000000 __SHD () C:\FOUND.077
2015-04-16 03:46 - 2015-04-16 17:43 - 18178736 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerInstaller.exe
2015-04-14 20:23 - 2015-04-14 20:23 - 00000000 __SHD () C:\FOUND.076
2015-04-14 15:54 - 2015-04-14 15:54 - 00000000 ____H () C:\Documents and Settings\bb\Local Settings\Application Data\BITE.tmp
2015-04-14 15:52 - 2015-04-14 15:54 - 00000000 _____ () C:\Documents and Settings\bb\Local Settings\Application Data\{AD14F328-6B25-474A-AE6C-74E0A27895B5}
2015-04-11 13:27 - 2015-04-11 13:27 - 00000000 ____D () C:\Program Files\SaoVeeLots
2015-04-11 13:27 - 2015-04-11 13:27 - 00000000 ____D () C:\Program Files\DownSAvee
2015-04-11 13:26 - 2015-04-11 13:26 - 00000000 ____D () C:\Program Files\NBA Live News
2015-04-10 17:24 - 2015-04-11 00:57 - 00405654 _____ () C:\Documents and Settings\bb\My Documents\ARSENIC.pptx
2015-04-08 19:37 - 2015-04-19 19:22 - 00000000 _____ () C:\Documents and Settings\bb\channel.temp
2015-04-04 02:00 - 2015-04-04 02:00 - 00000788 _____ () C:\Documents and Settings\bb\Desktop\A0000077.lnk
2015-04-04 01:09 - 2015-04-04 01:09 - 00000000 ____D () C:\Documents and Settings\bb\Local Settings\Application Data\Avg2014
2015-04-03 02:56 - 2015-04-03 02:56 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee
2015-04-03 02:05 - 2015-04-03 02:05 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\TuneUp Software
2015-04-03 02:05 - 2015-04-03 02:05 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\TuneUp Software
2015-04-02 23:56 - 2015-04-02 23:56 - 00001535 _____ () C:\TuneUp 1-Click Maintenance.lnk
2015-04-02 23:56 - 2015-04-02 23:56 - 00001525 _____ () C:\TuneUp Utilities 2014.lnk
2015-04-02 23:55 - 2015-04-02 23:55 - 00001677 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2015-04-02 23:55 - 2015-04-02 23:55 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-04-02 23:55 - 2015-04-02 23:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2015-04-02 23:28 - 2015-04-02 23:27 - 00139264 _____ (Sun Microsystems, Inc.) C:\WINXP\system32\javaws.exe
2015-04-02 23:28 - 2015-04-02 23:27 - 00135168 _____ (Sun Microsystems, Inc.) C:\WINXP\system32\javaw.exe
2015-04-02 23:28 - 2015-04-02 23:27 - 00135168 _____ (Sun Microsystems, Inc.) C:\WINXP\system32\java.exe
2015-04-02 23:28 - 2015-04-02 23:27 - 00069632 _____ (Sun Microsystems, Inc.) C:\WINXP\system32\javacpl.cpl
2015-04-02 23:27 - 2015-04-02 23:27 - 00000000 ____D () C:\Program Files\Java
2015-04-02 23:27 - 2015-04-02 23:27 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-02 23:26 - 2015-04-02 23:26 - 00000000 ____D () C:\Documents and Settings\bb\Application Data\Sun
2015-04-02 23:03 - 2015-04-02 23:03 - 00000594 _____ () C:\Documents and Settings\All Users\Desktop\Free PDF Reader.lnk
2015-04-02 23:03 - 2015-04-02 23:03 - 00000071 _____ () C:\Documents and Settings\All Users\Desktop\Free PDF Reader Website.url
2015-04-02 23:03 - 2015-04-02 23:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Free PDF Reader
2015-04-02 23:02 - 2015-04-02 23:02 - 00000000 ____D () C:\Program Files\PlotSoft
2015-04-02 22:55 - 2015-04-02 22:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2015-04-02 22:28 - 2015-04-02 22:28 - 00001027 _____ () C:\Documents and Settings\bb\Desktop\FM PDF To Word.lnk
2015-04-02 22:28 - 2015-04-02 22:28 - 00000000 ____D () C:\Program Files\FM Software Studio
2015-04-02 22:28 - 2015-04-02 22:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FM Software Studio
2015-04-02 22:22 - 2015-04-02 22:22 - 00000000 ____D () C:\Program Files\Free PDF Reader
2015-04-02 22:22 - 2015-04-02 22:22 - 00000000 ____D () C:\Documents and Settings\bb\Application Data\YcanPDF
2015-04-02 20:44 - 2015-04-02 20:44 - 00000000 ____D () C:\Program Files\Haoppy2eSavve
2015-04-01 20:15 - 2015-04-01 20:15 - 00000000 __SHD () C:\FOUND.075
2015-03-29 17:28 - 2015-04-17 17:50 - 00081920 ___SH () C:\Documents and Settings\bb\My Documents\Thumbs.db
2015-03-29 17:23 - 2015-03-29 17:23 - 00000000 ____D () C:\Program Files\Skype
2015-03-29 17:23 - 2015-03-29 17:23 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-03-27 15:40 - 2015-03-27 15:40 - 00000000 __SHD () C:\FOUND.074
2015-03-22 13:45 - 2015-03-22 13:45 - 00000000 ____D () C:\Program Files\NettoCOouppon
2015-03-22 13:44 - 2015-03-22 13:44 - 00000000 ____D () C:\Program Files\RoboSaverr
2015-03-22 13:44 - 2015-03-22 13:44 - 00000000 ____D () C:\Program Files\DigiiSaver

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 20:41 - 2014-09-16 01:18 - 00000826 _____ () C:\WINXP\Tasks\Adobe Flash Player Updater.job
2015-04-19 20:32 - 2014-11-21 02:15 - 00000892 _____ () C:\WINXP\Tasks\MaxigetUpdaterTaskMachineUA.job
2015-04-19 20:28 - 2015-03-09 19:23 - 00000878 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 20:09 - 2015-03-13 00:31 - 00000326 _____ () C:\WINXP\Tasks\ReimageUpdater.job
2015-04-19 19:52 - 2015-02-24 00:19 - 00000866 _____ () C:\WINXP\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-04-19 19:28 - 2015-03-09 19:23 - 00000874 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 19:22 - 2015-02-28 01:27 - 00000284 _____ () C:\WINXP\Tasks\MaxigetMasterUpdate.job
2015-04-19 19:22 - 2015-02-13 17:50 - 00000346 _____ () C:\WINXP\Tasks\At1.job
2015-04-19 19:22 - 2014-08-13 14:27 - 00365216 _____ () C:\WINXP\WindowsUpdate.log
2015-04-19 19:21 - 2015-02-24 00:20 - 00004470 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-4.job
2015-04-19 19:21 - 2015-02-24 00:20 - 00003450 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-7.job
2015-04-19 19:21 - 2015-02-24 00:20 - 00002422 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-5.job
2015-04-19 19:21 - 2015-02-24 00:19 - 00005158 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-7.job
2015-04-19 19:21 - 2015-02-24 00:18 - 00005160 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-11.job
2015-04-19 19:21 - 2014-11-21 02:15 - 00000888 _____ () C:\WINXP\Tasks\MaxigetUpdaterTaskMachineCore.job
2015-04-19 19:21 - 2014-08-13 14:19 - 00000159 _____ () C:\WINXP\wiadebug.log
2015-04-19 19:20 - 2015-02-24 00:20 - 00003114 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-6.job
2015-04-19 19:20 - 2015-02-24 00:19 - 00005494 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-6.job
2015-04-19 19:20 - 2015-02-24 00:19 - 00000862 _____ () C:\WINXP\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-04-19 19:20 - 2015-02-24 00:18 - 00002088 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-10_user.job
2015-04-19 19:20 - 2015-02-23 16:15 - 00000394 _____ () C:\WINXP\Tasks\BlockAndSurf Update.job
2015-04-19 19:20 - 2015-02-23 16:15 - 00000374 _____ () C:\WINXP\Tasks\BlockAndSurf_wd.job
2015-04-19 19:20 - 2015-02-23 15:12 - 00000366 _____ () C:\WINXP\Tasks\Update Service YourFileDownloader.job
2015-04-19 19:20 - 2014-08-13 14:35 - 00000006 ____H () C:\WINXP\Tasks\SA.DAT
2015-04-19 17:41 - 2014-08-14 03:19 - 00131072 _____ () C:\WINXP\system32\config\TuneUp.evt
2015-04-19 17:41 - 2014-08-13 14:36 - 00000178 ___SH () C:\Documents and Settings\bb\ntuser.ini
2015-04-19 17:41 - 2014-08-13 14:35 - 00032416 _____ () C:\WINXP\SchedLgU.Txt
2015-04-19 17:41 - 2014-08-13 14:19 - 00000049 _____ () C:\WINXP\wiaservc.log
2015-04-19 17:36 - 2014-08-17 04:45 - 01698420 ___SH () C:\Documents and Settings\bb\Desktop\Thumbs.db
2015-04-19 15:03 - 2015-03-03 16:33 - 00001245 _____ () C:\Documents and Settings\bb\Application Data\aswrgeathwasrga.exe
2015-04-17 23:45 - 2015-03-13 00:33 - 00000268 _____ () C:\WINXP\Tasks\Reimage Reminder.job
2015-04-17 02:11 - 2015-03-08 01:47 - 00010709 _____ () C:\WINXP\system32\ScanResults.xml
2015-04-17 02:07 - 2015-03-08 01:38 - 00000464 _____ () C:\WINXP\system32\ScannerSettings
2015-04-16 17:44 - 2014-09-16 01:18 - 00778416 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerApp.exe
2015-04-16 17:44 - 2014-09-16 01:18 - 00142512 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerCPLApp.cpl
2015-04-09 04:34 - 2015-03-03 18:17 - 00065536 _____ () C:\WINXP\system32\config\ODiag.evt
2015-04-05 01:53 - 2008-04-14 09:00 - 00002206 _____ () C:\WINXP\system32\wpa.dbl
2015-04-03 15:37 - 2015-03-09 19:32 - 00001717 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-04-02 23:45 - 2015-02-27 02:04 - 00000158 _____ () C:\WINXP\Reimage.ini
2015-03-28 22:41 - 2014-08-13 14:16 - 00508608 _____ () C:\WINXP\system32\PerfStringBackup.INI
2015-03-25 23:31 - 2014-08-23 06:23 - 00000754 _____ () C:\WINXP\WORDPAD.INI

==================== Files in the root of some directories =======

2015-02-23 23:25 - 2014-04-28 07:22 - 0118656 _____ () C:\Documents and Settings\bb\Application Data\aiasfacoiaksf.vbs
2015-01-25 21:12 - 2015-01-25 21:12 - 0001248 _____ () C:\Documents and Settings\bb\Application Data\LMYIDGO
2015-02-24 14:34 - 2015-02-27 16:13 - 2563584 _____ () C:\Documents and Settings\bb\Application Data\aswasrga.exe
2015-02-28 13:32 - 2015-03-08 14:17 - 0000020 _____ () C:\Documents and Settings\bb\Application Data\appdataFr3.bin
2015-03-03 16:33 - 2015-04-19 15:03 - 0001245 _____ () C:\Documents and Settings\bb\Application Data\aswrgeathwasrga.exe
2015-04-14 15:54 - 2015-04-14 15:54 - 0000000 ____H () C:\Documents and Settings\bb\Local Settings\Application Data\BITE.tmp
2014-08-14 02:05 - 2015-02-22 16:48 - 0009216 _____ () C:\Documents and Settings\bb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-14 15:52 - 2015-04-14 15:54 - 0000000 _____ () C:\Documents and Settings\bb\Local Settings\Application Data\{AD14F328-6B25-474A-AE6C-74E0A27895B5}
 
Files to move or delete:
====================
C:\Program Files\Music App\Datamngr\apcrtldr.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINXP\explorer.exe => File is digitally signed
C:\WINXP\system32\winlogon.exe => File is digitally signed
C:\WINXP\system32\svchost.exe => File is digitally signed
C:\WINXP\system32\services.exe => File is digitally signed
C:\WINXP\system32\User32.dll => File is digitally signed
C:\WINXP\system32\userinit.exe => File is digitally signed
C:\WINXP\system32\rpcss.dll => File is digitally signed
C:\WINXP\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-04-2015 01
Ran by bb at 2015-04-19 20:44:55
Running from F:\New Folder (3)
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
1.1.3 (HKLM\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version: - PDFZilla)
50Coupons (HKLM\...\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}) (Version: - "") <==== ATTENTION
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AllCheapPrice (HKLM\...\{5A1D3F9E-73B5-95EC-1233-6646E1358965}) (Version: - "") <==== ATTENTION
AlLSoAver (HKLM\...\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}) (Version: - "") <==== ATTENTION
AVS Video Converter 8.5 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
BitSaver (HKLM\...\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}) (Version: - "") <==== ATTENTION
BlockIt Ad remover (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - BlockIt Ad remover) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CheaPMe (HKLM\...\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}) (Version: - "") <==== ATTENTION
CinemaP-1.9cV23.02 (HKLM\...\CinemaP-1.9cV23.02) (Version: 1.36.01.22 - Cinema PlusV23.02) <==== ATTENTION
ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
CooupaExetoennsion (HKLM\...\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}) (Version: - "") <==== ATTENTION
CRX Inspector (HKLM\...\{7304C9D1-98AD-55F0-636E-22D8DD57F176}) (Version: - "") <==== ATTENTION
DiggiCouPon (HKLM\...\{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B}) (Version: - "") <==== ATTENTION
DigiiSaver (HKLM\...\{7223EDAC-E091-B3C1-BD91-B66CE557800F}) (Version: - "") <==== ATTENTION
DownSAvee (HKLM\...\{AF992111-52BE-832B-5882-8477E4A3C99A}) (Version: - "") <==== ATTENTION
Driver Genius (HKLM\...\Driver Genius_is1) (Version: 12.0 - Driver-Soft Inc.)
ExsTraCouponn (HKLM\...\{98449C67-C7AF-BB53-112D-26C916814611}) (Version: - "") <==== ATTENTION
Fariya Dialer Creator (HKLM\...\Fariya Dialer Creatorv2.0-compucated) (Version: v2.0-compucated - Fariya Network)
FM PDF To Word Converter Pro 2.5 (HKLM\...\FM PDF To Word Converter Pro_is1) (Version: 2.5 - )
Free PDF To Word Converter 1.8 (HKLM\...\Free PDF To Word Converter_is1) (Version: 1.8 - )
Free Zip 9.20 (HKLM\...\7-Zip) (Version: - Somoto Ltd) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4363 - )
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
Internet Download Manager Packages (HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Internet Download Manager Packages) (Version: - ) <==== ATTENTION
IusavEr (HKLM\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version: - "") <==== ATTENTION
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
JSON Formatter (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
K-Lite Codec Pack 9.9.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
MaxiGet Software Manager (HKLM\...\MaxiGet Software Manager_is1) (Version: 1.1.92 - Maxiget Ltd.) <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MiinuimuumPrice (HKLM\...\{CA1838EF-A497-194E-3850-37A62CEE398B}) (Version: - "") <==== ATTENTION
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Music Search App for Chrome (HKLM\...\imeshmusicboxtoolbarnewCR) (Version: 2.1.0.0 - IAC Search and Media, Inc.) <==== ATTENTION
NBA Live News (HKLM\...\{317D8BB4-16C3-CFBD-3777-AED69667DA46}) (Version: - "")
NewSaaveR (HKLM\...\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}) (Version: - "") <==== ATTENTION
NinjaKit (HKLM\...\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}) (Version: - "")
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Plarium (HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Plarium) (Version: - Plarium)
PriceLess (HKLM\...\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}) (Version: 2.2.0.1169 - ) <==== ATTENTION
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.1.4 - Reimage) <==== ATTENTION
Remote Desktop Access (VuuPC) (HKLM\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
RoboSaverr (HKLM\...\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}) (Version: - "") <==== ATTENTION
SaoVeeLots (HKLM\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version: - "") <==== ATTENTION
Search App by Ask (HKLM\...\{4254522D-5350-006A-76A7-A75C790C1101}) (Version: 12.17.1.2468 - APN, LLC) <==== ATTENTION
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Smileys We Love Toolbar for IE (HKLM\...\{A82BD48E-3547-4B94-BC0C-42EFED86B0EB}) (Version: 3.0.28 - SqueekyChocolate, LLC) <==== ATTENTION
Softonic Assistant (HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\SoftonicAssistant) (Version: 0.2.2 - Softonic International S.A.) <==== ATTENTION
Software Management Module (HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Software Management Module) (Version: 0.1.15.0 - Maxiget Ltd.) <==== ATTENTION!
Symbaloo Bookmarker 0.4 (HKLM\...\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}) (Version: - "")
takEorleave (HKLM\...\{89AE616B-E500-0C2D-D0D2-F444CEEB4619}) (Version: - "")
takeSaVe (HKLM\...\{D238A788-39B6-B97D-A5BA-13FE8E34E03C}) (Version: - "") <==== ATTENTION
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
UniDeeaalsa (HKLM\...\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}) (Version: - ) <==== ATTENTION
Update Service YourFileDownloader (HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Update Service YourFileDownloader) (Version: 2.15.10 - http://www.yourfile-downloader.com.com) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WidgetPremium (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{e2dd4ab2}) (Version: - WidgetPremium) <==== ATTENTION
WinCheck (HKLM\...\wincheck) (Version: 1.0.0.0 - WinCheck) <==== ATTENTION!
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinZipper (HKLM\...\WinZipper) (Version: 1.5.86 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\DOCUME~1\bb\LOCALS~1\Temp\1268\temp\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar(1).exe No File

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 09:00 - 2008-04-14 09:00 - 00000734 ____A C:\WINXP\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINXP\Tasks\At1.job => C:\WINXP\system32\system3_.exe
Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-7.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-7.exe <==== ATTENTION
Task: C:\WINXP\Tasks\Adobe Flash Player Updater.job => C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-6.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-6.exe <==== ATTENTION
Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-5.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-5.exe <==== ATTENTION
Task: C:\WINXP\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
Task: C:\WINXP\Tasks\Reimage Reminder.job => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: C:\WINXP\Tasks\MaxigetUpdaterTaskMachineCore.job => C:\Program Files\Maxiget\Updater\MaxigetUpdater.exe <==== ATTENTION
Task: C:\WINXP\Tasks\MaxigetUpdaterTaskMachineUA.job => C:\Program Files\Maxiget\Updater\MaxigetUpdater.exe <==== ATTENTION
Task: C:\WINXP\Tasks\MaxigetMasterUpdate.job => C:\Program Files\Maxiget\Master\Updater\MasterUpdater.exe <==== ATTENTION
Task: C:\WINXP\Tasks\Update Service YourFileDownloader.job => C:\Program Files\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe'http:/www.yourfile-downloader.com.com <==== ATTENTION
Task: C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINXP\Tasks\BlockAndSurf_wd.job => C:\Program Files\ver4BlockAndSurf\K5BlockAndSurfm.exe <==== ATTENTION
Task: C:\WINXP\Tasks\BlockAndSurf Update.job => C:\Program Files\ver4BlockAndSurf\m8BlockAndSurfZ31.exe <==== ATTENTION
Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-10_user.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-10.exe <==== ATTENTION
Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-11.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-11.exe <==== ATTENTION
Task: C:\WINXP\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINXP\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-7.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-7.exe <==== ATTENTION
Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-6.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-6.exe <==== ATTENTION
Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-4.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-4.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-08-13 14:45 - 2014-12-11 19:44 - 00493800 _____ () C:\Program Files\Music App\Datamngr\apcrtldr.dll
2015-01-01 01:16 - 2014-12-31 09:34 - 00612528 _____ () C:\Program Files\WinZipper\sqlite3.dll
2015-02-23 16:15 - 2015-02-23 16:15 - 00256000 _____ () C:\Program Files\ver4BlockAndSurf\K5BlockAndSurfm.exe
2015-02-23 16:15 - 2015-02-23 16:15 - 00212480 _____ () C:\Program Files\ver4BlockAndSurf\d2BlockAndSurfQD178.dll
2015-02-23 16:15 - 2015-02-23 16:15 - 00304128 _____ () C:\Program Files\ver4BlockAndSurf\d2BlockAndSurfQD178.exe
2015-02-23 16:02 - 2015-02-23 16:02 - 00141312 _____ () C:\Documents and Settings\bb\Application Data\VOPackage\VOsrv.exe
2015-02-23 14:52 - 2015-02-23 14:52 - 01606144 _____ () c:\Program Files\StormSaver\StormSaver.dll
2011-03-14 08:27 - 2011-03-14 08:27 - 00271712 _____ () C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
2015-02-13 17:50 - 2011-09-13 22:03 - 00828929 __RSH () C:\WINXP\system32\system3_.exe
2008-04-14 09:00 - 2008-04-14 09:00 - 00059904 _____ () C:\WINXP\system32\devenum.dll
2008-04-14 09:00 - 2008-04-14 09:00 - 00014336 _____ () C:\WINXP\system32\msdmo.dll
2014-02-23 14:50 - 2014-02-23 14:50 - 01062912 _____ () C:\Documents and Settings\All Users\Application Data\{3eb4fb0a-b4b0-7a0c-3eb4-4fb0ab4bec2a}\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar(1).exe
2015-04-03 15:36 - 2015-03-31 02:07 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
2015-04-03 15:36 - 2015-03-31 02:07 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll
2014-08-16 10:46 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-08-16 10:46 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-01-01 01:16 - 2014-12-31 09:34 - 00181936 _____ () C:\Program Files\WinZipper\libpng.dll

==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Classes\exefile: <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\bb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1960408961-1336601894-1644491937-500 - Administrator - Enabled)
bb (S-1-5-21-1960408961-1336601894-1644491937-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\bb
Guest (S-1-5-21-1960408961-1336601894-1644491937-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1960408961-1336601894-1644491937-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1960408961-1336601894-1644491937-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2015 07:22:56 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

Error: (04/19/2015 07:22:48 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

Error: (04/19/2015 07:22:25 PM) (Source: ESENT) (EventID: 439) (User: )
Description: wuauclt (3256) Unable to write a shadowed header for file C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1808.

Error: (04/19/2015 07:22:25 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuauclt (3256) An attempt to write to the file "C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (04/19/2015 07:22:19 PM) (Source: ESENT) (EventID: 439) (User: )
Description: wuauclt (3220) Unable to write a shadowed header for file C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1808.

Error: (04/19/2015 07:22:19 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuauclt (3220) An attempt to write to the file "C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (04/19/2015 07:22:19 PM) (Source: ESENT) (EventID: 439) (User: )
Description: wuauclt (3188) Unable to write a shadowed header for file C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1808.

Error: (04/19/2015 07:22:19 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuauclt (3188) An attempt to write to the file "C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (04/19/2015 07:22:18 PM) (Source: ESENT) (EventID: 439) (User: )
Description: wuauclt (3156) Unable to write a shadowed header for file C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1808.

Error: (04/19/2015 07:22:18 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuauclt (3156) An attempt to write to the file "C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.


System errors:
=============
Error: (04/19/2015 07:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Maxiget Update Service (mglupdate) service failed to start due to the following error:
%%1053

Error: (04/19/2015 07:21:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Maxiget Update Service (mglupdate) service to connect.

Error: (04/19/2015 07:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
%%2

Error: (04/19/2015 07:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Broadband. OUC service failed to start due to the following error:
%%2

Error: (04/19/2015 07:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sbapifs service failed to start due to the following error:
%%2

Error: (04/19/2015 07:21:37 PM) (Source: SRService) (EventID: 104) (User: )
Description: The System Restore initialization process failed.

Error: (04/19/2015 07:21:06 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC000003A_filelst.cfgHarddiskVolume1

Error: (04/19/2015 03:51:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iSafeKrnlMon
sbaphd

Error: (04/19/2015 03:51:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Maxiget Update Service (mglupdate) service failed to start due to the following error:
%%1053

Error: (04/19/2015 03:51:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Maxiget Update Service (mglupdate) service to connect.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 76%
Total physical RAM: 1014.48 MB
Available physical RAM: 235.32 MB
Total Pagefile: 2445.59 MB
Available Pagefile: 1321.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:9.76 GB) (Free:0 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:9.77 GB) (Free:2.99 GB) NTFS
Drive e: () (Fixed) (Total:9.77 GB) (Free:1.65 GB) NTFS
Drive f: () (Fixed) (Total:7.96 GB) (Free:5.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 44C244C1)
Partition 1: (Active) - (Size=9.8 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=27.5 GB) - (Type=OF Extended)

==================== End Of Log ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

Step 1 in our preliminaries calls for installing one of the proposed AV programs if you don't have any.
I don't see any AV program running.
What's the story there?

Running from F:\New Folder (3)
Move FRST to the proper location (Desktop).

Uninstall:

WinZipper
WinCheck
WidgetPremium
Update Service YourFileDownloader
UniDeeaalsa
takeSaVe
Software Management Module
Softonic Assistant
Smileys We Love Toolbar for IE
Search App by Ask
SaoVeeLots
RoboSaverr
Remote Desktop Access
Reimage Repair
PriceLess
NewSaaveR
Music Search App for Chrome
MiinuimuumPrice
MaxiGet Software Manager
JSON Formatter
IusavEr
Internet Download Manager Packages
Free Zip 9.20
ExsTraCouponn
DownSAvee
DigiiSaver
DiggiCouPon
CRX Inspector
CooupaExetoennsio
ConvertAd
CinemaP-1.9cV23.0
CheaPMe
BlockIt Ad remover
BitSaver
AlLSoAver
AllCheapPrice
50Coupons
 
Yes, all uninstalled except Smileys We Love Toolbar for IE; it gave a fatal error :D:D

Please recommend any AV program to install.

Yes, FRST has been shifted to the desktop.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in the malware removal forum.
 