TechSpot

Hanging pc

By soomia
Apr 19, 2015
  1. Hi everyone
    My PC has been facing a hanging problem for a few days, showing virus attacked. I ran Farbar Recovery Scan Tool (FRST) as you recommended. The FRST scan log is below. Now what should I do?
    Recommendations would be appreciated.
    Awaiting reply.
    Thanks
    first.exe
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015 01
    Ran by bb (administrator) on BABAR-EA758DD71 on 19-04-2015 20:48:55
    Running from F:\New Folder (3)
    Loaded Profiles: bb (Available profiles: bb)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\WINXP\System32\SMSS.EXE
    (Microsoft Corporation) C:\WINXP\System32\CSRSS.EXE
    (Microsoft Corporation) C:\WINXP\System32\WINLOGON.EXE
    (Microsoft Corporation) C:\WINXP\System32\SERVICES.EXE
    (Microsoft Corporation) C:\WINXP\System32\LSASS.EXE
    (Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
    (Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
    (Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
    (Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
    (Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
    (Fuyu LIMITED) C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe
    (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\winzipersvc.exe
    (Microsoft Corporation) C:\WINXP\System32\SPOOLSV.EXE
    (Microsoft Corporation) C:\WINXP\System32\SCARDSVR.EXE
    (Cinema PlusV23.02) C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-6.exe
    (Cinema PlusV23.02) C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-10.exe
    () C:\Program Files\ver4BlockAndSurf\K5BlockAndSurfm.exe
    (Cinema PlusV23.02) C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-6.exe
    (Microsoft Corporation) C:\WINXP\EXPLORER.EXE
    (Microsoft Corporation) C:\WINXP\System32\CTFMON.EXE
    () C:\Program Files\ver4BlockAndSurf\d2BlockAndSurfQD178.exe
    (iMesh Inc) C:\Program Files\Music App\Datamngr\DatamngrCoordinator.exe
    () C:\Documents and Settings\BB\Application Data\VOPackage\VOsrv.exe
    (iMesh Inc) C:\Program Files\Music App\Datamngr\DatamngrCoordinator.exe
    (Microsoft Corporation) C:\WINXP\System32\RUNDLL32.EXE
    (iMesh Inc) C:\Program Files\Music App\Datamngr\DatamngrUI.exe
    () C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
    (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
    (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
    (Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
    (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
    (Microsoft Corporation) C:\WINXP\System32\ALG.EXE
    (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
    (Intel Corporation) C:\WINXP\System32\hkcmd.exe
    (Intel Corporation) C:\WINXP\System32\igfxpers.exe
    (http://lucky-tab.com/) C:\Program Files\LuckyTab\LuckyTab.exe
    () C:\WINXP\System32\system3_.exe
    (Microsoft Corporation) C:\WINXP\System32\WScript.exe
    (Microsoft Corporation) D:\Office12\GrooveMonitor.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    (BitTorrent Inc.) C:\Documents and Settings\BB\Application Data\uTorrent\uTorrent.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    () C:\Documents and Settings\All Users\Application Data\{3eb4fb0a-b4b0-7a0c-3eb4-4fb0ab4bec2a}\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar(1).exe
    (Microsoft Corporation) C:\WINXP\System32\WBEM\wmiprvse.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
    (Microsoft Corporation) C:\WINXP\System32\SVCHOST.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
    (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\WinZipper.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\CHROME.EXE
    (Microsoft Corporation) C:\WINXP\System32\notepad.exe
    (Microsoft Corporation) C:\WINXP\System32\notepad.exe
    (Microsoft Corporation) C:\WINXP\System32\notepad.exe
     


  2. soomia

    soomia TS Rookie Topic Starter


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [igfxtray] => C:\WINXP\system32\igfxtray.exe [94208 2006-04-01] (Intel Corporation)
    HKLM\...\Run: [igfxhkcmd] => C:\WINXP\system32\hkcmd.exe [77824 2006-04-01] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINXP\system32\igfxpers.exe [114688 2006-04-01] (Intel Corporation)
    HKLM\...\Run: [Search Protection] => C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe [903168 2013-06-11] (Visicom Media Inc.)
    HKLM\...\Run: [LuckyTab] => C:\Program Files\LuckyTab\LuckyTab.exe [1394112 2015-02-23] (http://lucky-tab.com/)
    HKLM\...\Run: [WinCheck] => C:\Documents and Settings\bb\Local Settings\Application Data\AFD5BC98-1424707478-D835-B78A-9EC428C0FBB6\bnsuF6.exe [253952 2015-02-23] ()
    HKLM\...\Run: [ConvertAd] => C:\Documents and Settings\bb\Local Settings\Application Data\ConvertAd\ConvertAd.exe [2068992 2014-09-20] ()
    HKLM\...\Run: [asodakaossd] => C:\WINXP\system32\cmd.exe /c start C:\Documents" "and" "Settings\bb\Application" "Data\aiasfacoiaksf.vbs exit
    HKLM\...\Run: [GrooveMonitor] => D:\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0\bin\jusched.exe [77824 2015-04-02] (Sun Microsystems, Inc.)
    HKLM\...\Winlogon: [Userinit] C:\WINXP\System32\Userinit.exe,
    HKLM\...\Winlogon: [Shell] Explorer.exe system3_.exe [x ] ()
    HKLM\...\Winlogon: [UIHost] C:\WINXP\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\crypt32chain: C:\WINXP\system32\crypt32.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\cryptnet: C:\WINXP\system32\cryptnet.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\cscdll: C:\WINXP\system32\cscdll.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\dimsntfy: C:\WINXP\System32\dimsntfy.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\WINXP\system32\igfxdev.dll [2006-04-01] (Intel Corporation)
    Winlogon\Notify\ScCertProp: C:\WINXP\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\Schedule: C:\WINXP\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\sclgntfy: C:\WINXP\system32\sclgntfy.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\SensLogn: C:\WINXP\system32\WlNotify.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\termsrv: C:\WINXP\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\TPSvc: TPSvc.dll [X]
    Winlogon\Notify\wlballoon: C:\WINXP\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINXP\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINXP\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [ctfmon.exe] => C:\WINXP\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [uTorrent] => C:\Documents and Settings\bb\Application Data\uTorrent\uTorrent.exe [1442384 2015-03-26] (BitTorrent Inc.)
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [Viber] => "C:\Documents and Settings\bb\Local Settings\Application Data\Viber\Viber.exe"
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [Yahoo Messengger] => C:\WINXP\system32\system3_.exe [828929 2011-09-13] ()
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [SoftonicAssistant] => C:\Documents and Settings\bb\Local Settings\Application Data\SoftonicAssistant\SoftonicAssistant.exe [1835976 2015-03-25] ()
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [asodakaossd] => C:\WINXP\system32\cmd.exe /c start C:\Documents" "and" "Settings\bb\Application" "Data\aiasfacoiaksf.vbs exit
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Run: [MaxigetMasterUpdate] => C:\Program Files\Maxiget\Master\Updater\MasterUpdater.exe [554256 2015-03-27] ()
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Policies\system: [DisableTaskMgr] 1
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Policies\system: [DisableRegistryTools] 1
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Policies\Explorer: [NofolderOptions] 1
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\MountPoints2: {852349ce-23f9-11e4-b0d7-00112554c681} - H:\AutoRun.exe
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\MountPoints2: {9e4f4c54-238f-11e4-b0d3-00112554c681} - H:\AutoRun.exe
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINXP\system32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINXP\system32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-04-02]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Documents and Settings\bb\Start Menu\Programs\Startup\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar.lnk [2015-02-23]
    ShortcutTarget: Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar.lnk -> C:\Documents and Settings\All Users\Application Data\{44cfcb08-d445-95e6-44cf-fcb08d442c23}\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar.exe ()
    Startup: C:\Documents and Settings\bb\Start Menu\Programs\Startup\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar(1).lnk [2015-02-23]
    ShortcutTarget: Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar(1).lnk -> C:\Documents and Settings\All Users\Application Data\{3eb4fb0a-b4b0-7a0c-3eb4-4fb0ab4bec2a}\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar(1).exe ()
    Startup: C:\Documents and Settings\bb\Start Menu\Programs\Startup\asodakaossd.lnk [2015-02-23]
    ShortcutTarget: asodakaossd.lnk -> C:\WINXP\system32\cmd.exe (Microsoft Corporation)
    HKLM\...\AppCertDlls: [x64] -> c:\program files\music app\datamngr\x64\apcrtldr.dll <===== ATTENTION
    HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Music App\Datamngr\apcrtldr.dll [493800 2014-12-11] () <===== ATTENTION
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Office12\GRA8E1~1.DLL [2006-10-27] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Office12\GRA8E1~1.DLL [2006-10-27] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Office12\GRA8E1~1.DLL [2006-10-27] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Office12\GRA8E1~1.DLL [2006-10-27] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Office12\GRA8E1~1.DLL [2006-10-27] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================
     
  3. soomia

    soomia TS Rookie Topic Starter

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [S-1-5-21-1960408961-1336601894-1644491937-1003] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-1960408961-1336601894-1644491937-1003] => http=127.0.0.1:13814;https=127.0.0.1:13814
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mydreamworld.50webs.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mydreamworld.50webs.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mydreamworld.50webs.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mydreamworld.50webs.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?...m12233&uid=ST340015A_5LAMEEKS&q={searchTerms}
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mydreamworld.50webs.com
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.mydreamworld.50webs.com
    http://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1949&v=u13661-438&t=4
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1420056892&from=wpm12233&uid=ST340015A_5LAMEEKS
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?...m12233&uid=ST340015A_5LAMEEKS&q={searchTerms}
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://Vosteran.com/?f=2&a=vst_aw_1...tGyEyEzzzz0AtAtAyE0CyD0B0C2Q&cr=548010498&ir=" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?...hid=15972353139034990715&lg=EN&cc=PK&unqvl=82
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4...tGyEyEzzzz0AtAtAyE0CyD0B0C2Q&cr=548010498&ir=
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1410574354&from=cor&uid=ST340015A_5LAMEEKS&q={searchTerms}
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ie...E001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?...hid=15972353139034990715&lg=EN&cc=PK&unqvl=82
    SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?...m12233&uid=ST340015A_5LAMEEKS&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=jomedia&id=dlsecuretb&v=1_0&ent=ch_6265&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {908E8EB7-E197-40F7-829F-A09C0595B81E} URL = http://Vosteran.com/results.php?f=4...tGyEyEzzzz0AtAtAyE0CyD0B0C2Q&cr=548010498&ir=
    SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ie...E001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?...hid=15972353139034990715&lg=EN&cc=PK&unqvl=82
    SearchScopes: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll No File
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO: SaoVeeLots -> {128d88fe-61b0-4cbe-bdff-933ff1510a26} -> C:\Program Files\SaoVeeLots\Zpy298cMqIg52c.dll [2015-04-11] ()
    BHO: NettoCOouppon -> {1ecf1e0b-5dd2-458f-baf8-764495f8b345} -> C:\Program Files\NettoCOouppon\8V9ZWsS2LJDwn3.dll [2015-03-22] ()
    BHO: DiggiCouPon -> {4ba712f2-5bad-4150-8c57-c2c4ce95eef7} -> C:\Program Files\DiggiCouPon\A15KHh1LhPiOdd.dll No File
    BHO: RoboSaverr -> {559612db-e061-4ee6-adb5-f081b815f061} -> C:\Program Files\RoboSaverr\RFXWB0KQINCWEK.dll [2015-04-11] ()
    BHO: DigiiSaver -> {6448049c-b183-4970-8076-9931effa93f2} -> C:\Program Files\DigiiSaver\Y3q1qbE6twWwVd.dll [2015-03-22] ()
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Office12\GRA8E1~1.DLL [2006-10-27] (Microsoft Corporation)
    BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2015-04-02] (Sun Microsystems, Inc.)
    BHO: CooupaExetoennsion -> {9e0869c4-b955-4b13-9fca-db45ee23d651} -> C:\Program Files\CooupaExetoennsion\ReM7KLHtEEpjdl.dll No File
    BHO: AlLSoAver -> {a67c2fed-5e7c-42e2-8b32-2be6467eae5c} -> C:\Program Files\AlLSoAver\DoVTZB4SqOPZTs.dll No File
    BHO: IusavEr -> {b37978ed-53e4-454f-b1e9-357eb956d0f9} -> C:\Program Files\IusavEr\pmciGLvc6GRGWp.dll No File
    BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files\Smileys We Love Toolbar for IE\adxloader.dll No File
    Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files\Smileys We Love Toolbar for IE\adxloader.dll No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINXP\system32\urlmon.dll [2011-06-14] (Microsoft Corporation)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GR99D3~1.DLL [2006-10-27] (Microsoft Corporation)
    Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINXP\system32\wiascr.dll [2008-04-14] (Microsoft Corporation)
    Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINXP\system32\SHELL32.dll [2011-03-08] (Microsoft Corporation)
    Winsock: Catalog5 01 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog5 02 C:\WINXP\system32\winrnr.dll [16896] (Microsoft Corporation)
    Winsock: Catalog5 03 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 01 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 02 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 03 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 04 C:\WINXP\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Winsock: Catalog9 05 C:\WINXP\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Winsock: Catalog9 06 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 07 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 08 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 09 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 10 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 11 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 12 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 13 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 14 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 15 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 16 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 17 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 18 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 19 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 20 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Winsock: Catalog9 21 C:\WINXP\system32\mswsock.dll [245248] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default
    FF DefaultSearchEngine,S: WebSearch
    FF DefaultSearchUrl: hxxp://websearch.look-for-it.info/?pid=1091&r=2015/02/23&hid=15972353139034990715&lg=EN&cc=PK&unqvl=82&l=1&q=
    FF SearchEngineOrder.1: Ask.com
    FF SearchEngineOrder.1,S: WebSearch
    FF SelectedSearchEngine,S: WebSearch
    FF Homepage: hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1949&v=a14976-438&t=4
    FF SelectedSearchEngine: Ask.com
    FF DefaultSearchEngine: Ask.com
    FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1949&systemid=1&v=a14976-438&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=0474232664624032&o=APN10653&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINXP\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
    FF Plugin: @omaha.maxiget.com/Maxiget Updater;version=3 -> C:\Program Files\Maxiget\Updater\70.3.31.7019\npMaxigetUpdater3.dll [2015-02-28] (Maxiget Ltd.)
    FF Plugin: @omaha.maxiget.com/Maxiget Updater;version=9 -> C:\Program Files\Maxiget\Updater\70.3.31.7019\npMaxigetUpdater3.dll [2015-02-28] (Maxiget Ltd.)
    FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-09] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-09] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF user.js: detected! => C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\user.js [2015-03-16]
    FF SearchPlugin: C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\searchplugins\Vosteran.xml [2014-12-03]
    FF SearchPlugin: C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\searchplugins\WebSearch.xml [2015-02-23]
    FF SearchPlugin: C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\searchplugins\Ask.xml [2015-04-18]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml [2015-04-18]
    FF Extension: IIsaveur - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\V@G7kzZ.com [2015-02-23]
    FF Extension: DigiSAver - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\tg@tGikS.net [2015-02-23]
    FF Extension: eastasianeunheui - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\eastasian@eunheui [2015-03-01]
    FF Extension: FUn2Save - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\z@WgpV2y94e.org [2015-03-03]
    FF Extension: No Name - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\OIBMBKA115048682@HYKFIU97176590.com [2015-03-19]
    FF Extension: RoboSaverr - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\5KqTox@z.org [2015-03-23]
    FF Extension: No Name - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\bingsearch.full@microsoft.com [2015-03-29]
    FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Documents and Settings\bb\Application Data\Mozilla\Firefox\Profiles\lYd0Vrvf.default\Extensions\jid1-FB1bBgFMk5H6Wg@jetpack.xpi [2015-02-24]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2015-04-02]
    FF HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\bb\Application Data\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Documents and Settings\bb\Application Data\IDM\idmmzcc5 [2015-03-13]
    FF HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    FF HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\bb\Application Data\IDM\idmmzcc5
     
  4. soomia

    soomia TS Rookie Topic Starter

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    CHR Profile: C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-16]
    CHR Extension: (Google Sheets) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
    CHR Extension: (Google Slides) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
    CHR Extension: (Music App) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaaikjhckghnoaaaehhmgjcfajoabi [2015-03-16]
    CHR Extension: (Google Docs) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
    CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-16]
    CHR Extension: (Gmail) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-16]
    CHR Extension: (Vosteran New Tab) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-03-17]
    CHR Extension: (Google Drive) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-16]
    CHR Extension: (Google Search) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-16]
    CHR Extension: (YouTube) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-16]
    CHR Extension: (Ask Search) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaajhmeplfccacopbgpfaibalfnhcb [2015-03-17]
    CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-29]
    CHR Extension: (History) - C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\phaehjbfndonoealmdlbliedgiabmcdd [2015-03-22]
    CHR HKLM\...\Chrome\Extension: [aaaaaikjhckghnoaaaehhmgjcfajoabi] - C:\Documents and Settings\bb\Local Settings\Application Data\imeshmusicboxtoolbarnew\GC\toolbar.crx [2014-07-02]
    CHR HKLM\...\Chrome\Extension: [aaaaajhmeplfccacopbgpfaibalfnhcb] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaajhmeplfccacopbgpfaibalfnhcb.crx [2014-09-22]
    CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Documents and Settings\bb\Local Settings\Temp\swlfiles\smileyswelovetoolbar.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx

    Opera:
    =======
    OPR Extension: (CinemaP-1.9cV23.02) - C:\Documents and Settings\bb\Application Data\Opera Software\Opera Stable\Extensions\kcdeaofcapijfmeopimkgcepdpbdepnb [2015-02-24]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AdobeFlashPlayerUpdateSvc; C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe [268464 2015-04-16] (Adobe Systems Incorporated)
    S4 Alerter; C:\WINXP\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
    R3 ALG; C:\WINXP\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
    S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-19] (APN LLC.)
    S3 AppMgmt; C:\WINXP\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
    S3 aspnet_state; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [29896 2005-09-23] (Microsoft Corporation)
    R2 AudioSrv; C:\WINXP\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
    R2 BITS; C:\WINXP\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
    R2 BlockAndSurf; C:\Program Files\ver4BlockAndSurf\d2BlockAndSurfQD178.exe [304128 2015-02-23] () [File not signed]
    S2 Browser; C:\WINXP\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation)
    S3 CiSvc; C:\WINXP\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
    S4 ClipSrv; C:\WINXP\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
    S4 clr_optimization_v2.0.50727_32; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66240 2005-09-23] (Microsoft Corporation)
    S2 clr_optimization_v4.0.30319_32; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
    R2 CryptSvc; C:\WINXP\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
    R2 DatamngrCoordinator; C:\Program Files\Music App\Datamngr\DatamngrCoordinator.exe [3574504 2014-12-11] (iMesh Inc)
    R2 DcomLaunch; C:\WINXP\system32\rpcss.dll [401408 2010-09-16] (Microsoft Corporation)
    R2 Dhcp; C:\WINXP\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
    S3 dmadmin; C:\WINXP\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
    R2 dmserver; C:\WINXP\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
    R2 Dnscache; C:\WINXP\System32\dnsrslvr.dll [45568 2011-04-12] (Microsoft Corporation)
    S3 Dot3svc; C:\WINXP\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
    R2 dozohylo; C:\Documents and Settings\bb\Application Data\VOPackage\VOsrv.exe [141312 2015-02-23] () [File not signed] <==== ATTENTION
    R2 e2dd4ab2; c:\Program Files\StormSaver\StormSaver.dll [1606144 2015-02-23] () [File not signed]
    S3 EapHost; C:\WINXP\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
    R2 ERSvc; C:\WINXP\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
    R2 Eventlog; C:\WINXP\system32\services.exe [110592 2010-09-16] (Microsoft Corporation)
    R3 EventSystem; C:\WINXP\system32\es.dll [253952 2010-09-16] (Microsoft Corporation)
    R3 FastUserSwitchingCompatibility; C:\WINXP\System32\shsvcs.dll [135168 2011-03-08] (Microsoft Corporation)
    R2 helpsvc; C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
    R2 HidServ; C:\WINXP\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
    S3 hkmsvc; C:\WINXP\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
    R3 HTTPFilter; C:\WINXP\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
    R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
    S3 ImapiService; C:\WINXP\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
    R2 LanmanServer; C:\WINXP\System32\srvsvc.dll [99840 2010-10-12] (Microsoft Corporation)
    R2 lanmanworkstation; C:\WINXP\System32\wkssvc.dll [134144 2010-09-16] (Microsoft Corporation)
    R2 LmHosts; C:\WINXP\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
    S4 Messenger; C:\WINXP\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
    S2 mglupdate; C:\Program Files\Maxiget\Updater\MaxigetUpdater.exe [132632 2015-02-28] (Maxiget Ltd.)
    S3 mglupdatem; C:\Program Files\Maxiget\Updater\MaxigetUpdater.exe [132632 2015-02-28] (Maxiget Ltd.)
    S3 Microsoft Office Groove Audit Service; D:\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
    S3 mnmsrvc; C:\WINXP\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
    S3 MSDTC; C:\WINXP\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
    S3 MSIServer; C:\WINXP\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
    S3 napagent; C:\WINXP\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
    S4 NetDDE; C:\WINXP\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
    S4 NetDDEdsdm; C:\WINXP\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
    S3 Netlogon; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    R3 Netman; C:\WINXP\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
    R3 Nla; C:\WINXP\System32\mswsock.dll [245248 2011-04-12] (Microsoft Corporation)
    S3 NtLmSsp; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    S3 NtmsSvc; C:\WINXP\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
    R2 PlugPlay; C:\WINXP\system32\services.exe [110592 2010-09-16] (Microsoft Corporation)
    R2 PolicyAgent; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    R2 ProtectedStorage; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    S3 RasAuto; C:\WINXP\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
    R3 RasMan; C:\WINXP\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
    S3 RDSessMgr; C:\WINXP\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
    R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6079848 2015-01-14] (Reimage®)
    S4 RemoteAccess; C:\WINXP\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
    R2 RemoteRegistry; C:\WINXP\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
    S3 RpcLocator; C:\WINXP\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
    R2 RpcSs; C:\WINXP\system32\rpcss.dll [401408 2010-09-16] (Microsoft Corporation)
    S3 RSVP; C:\WINXP\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation)
    R2 SamSs; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    R2 SCardSvr; C:\WINXP\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
    R2 Schedule; C:\WINXP\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
    R2 seclogon; C:\WINXP\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
    R2 SENS; C:\WINXP\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
    R2 SharedAccess; C:\WINXP\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
    R2 ShellHWDetection; C:\WINXP\System32\shsvcs.dll [135168 2011-03-08] (Microsoft Corporation)
    R2 Spooler; C:\WINXP\system32\spoolsv.exe [58880 2010-09-16] (Microsoft Corporation)
    R2 srservice; C:\WINXP\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
    R3 SSDPSRV; C:\WINXP\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
    R2 stisvc; C:\WINXP\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
    S3 SysmonLog; C:\WINXP\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
    R3 TapiSrv; C:\WINXP\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
    R3 TermService; C:\WINXP\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
    R2 Themes; C:\WINXP\System32\shsvcs.dll [135168 2011-03-08] (Microsoft Corporation)
    S4 TlntSvr; C:\WINXP\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
    R2 TrkWks; C:\WINXP\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
    R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
    S3 upnphost; C:\WINXP\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
    S3 UPS; C:\WINXP\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
    S3 VSS; C:\WINXP\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
    R2 W32Time; C:\WINXP\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
    S3 WebClient; C:\WINXP\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
    R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2014-12-26] (Fuyu LIMITED) [File not signed]
    R2 winmgmt; C:\WINXP\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
    R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [425648 2015-01-28] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
    S3 WmdmPmSN; C:\WINXP\system32\mspmsnsv.dll [27136 2010-09-16] (Microsoft Corporation)
    S3 Wmi; C:\WINXP\System32\advapi32.dll [617472 2010-09-16] (Microsoft Corporation)
    S3 WmiApSrv; C:\WINXP\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
    S3 WPFFontCache_v0400; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Microsoft Corporation)
    R2 wscsvc; C:\WINXP\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
    R2 wuauserv; C:\WINXP\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
    S3 WudfSvc; C:\WINXP\System32\WUDFSvc.dll [55808 2010-09-16] (Microsoft Corporation)
    R2 WZCSVC; C:\WINXP\System32\wzcsvc.dll [483840 2011-06-14] (Microsoft Corporation)
    S3 xmlprov; C:\WINXP\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
    S2 Broadband. RunOuc; C:\Program Files\Broadband\UpdateDog\ouc.exe [X]
    S3 COMSysApp; C:\WINXP\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
    S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
    S3 SwPrv; C:\WINXP\system32\dllhost.exe /Processid:{5B7154B9-65DE-47EC-9187-A09D54AB900C}

    ==================== Drivers (Whitelisted) ====================
     
  5. soomia

    soomia TS Rookie Topic Starter

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 ACPI; C:\WINXP\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)
    S4 ACPIEC; C:\WINXP\system32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation)
    S3 aec; C:\WINXP\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
    R1 AFD; C:\WINXP\System32\drivers\afd.sys [138496 2011-06-14] (Microsoft Corporation)
    S3 aswTap; C:\WINXP\System32\DRIVERS\aswTap.sys [35272 2014-04-22] (The OpenVPN Project)
    S3 AsyncMac; C:\WINXP\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation)
    R0 atapi; C:\WINXP\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
    S3 Atmarpc; C:\WINXP\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
    R3 audstub; C:\WINXP\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
    R3 b57w2k; C:\WINXP\System32\DRIVERS\b57xp32.sys [134272 2006-04-01] (Broadcom Corporation)
    R1 Beep; C:\WINXP\system32\Drivers\Beep.sys [4224 2008-04-14] (Microsoft Corporation)
    S4 cbidf2k; C:\WINXP\system32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation)
    S3 CCDECODE; C:\WINXP\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S1 Cdaudio; C:\WINXP\system32\Drivers\Cdaudio.sys [18688 2011-06-14] (Microsoft Corporation)
    R4 Cdfs; C:\WINXP\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation)
    R1 Cdrom; C:\WINXP\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation)
    R0 Disk; C:\WINXP\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
    S4 dmboot; C:\WINXP\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
    R0 dmio; C:\WINXP\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
    R0 dmload; C:\WINXP\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.)
    S3 DMusic; C:\WINXP\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
    S3 drmkaud; C:\WINXP\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
    S3 ewusbnet; C:\WINXP\System32\DRIVERS\ewusbnet.sys [245376 2014-08-14] (Huawei Technologies Co., Ltd.)
    S3 ew_hwusbdev; C:\WINXP\System32\DRIVERS\ew_hwusbdev.sys [102784 2014-08-14] (Huawei Technologies Co., Ltd.)
    R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files\Music App\Datamngr\setmgrc3.cfg [38496 2014-12-11] (iMesh Inc)
    R4 Fastfat; C:\WINXP\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)
    R3 Fdc; C:\WINXP\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation)
    R1 Fips; C:\WINXP\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
    S3 Flpydisk; C:\WINXP\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation)
    R0 FltMgr; C:\WINXP\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation)
    U1 Fs_Rec; C:\WINXP\system32\Drivers\Fs_Rec.sys [7936 2008-04-14] (Microsoft Corporation)
    R0 Ftdisk; C:\WINXP\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation)
    R3 Gpc; C:\WINXP\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
    R3 HidUsb; C:\WINXP\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation)
    R3 HTTP; C:\WINXP\System32\Drivers\HTTP.sys [265728 2010-09-16] (Microsoft Corporation)
    R3 huawei_enumerator; C:\WINXP\System32\DRIVERS\ew_jubusenum.sys [76544 2014-08-14] (Huawei Technologies Co., Ltd.)
    S3 hwdatacard; C:\WINXP\System32\DRIVERS\ewusbmdm.sys [199168 2014-08-14] (Huawei Technologies Co., Ltd.)
    S1 i8042prt; C:\WINXP\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation)
    R3 ialm; C:\WINXP\System32\DRIVERS\ialmnt5.sys [1049180 2006-04-01] (Intel Corporation)
    R1 IDMTDI; C:\WINXP\System32\DRIVERS\idmtdi.sys [124664 2015-03-03] (Tonec Inc.)
    S1 Imapi; C:\WINXP\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
    R0 IntelIde; C:\WINXP\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
    R1 intelppm; C:\WINXP\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation)
    S3 Ip6Fw; C:\WINXP\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation)
    S3 IpFilterDriver; C:\WINXP\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation)
    S3 IpInIp; C:\WINXP\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
    R3 IpNat; C:\WINXP\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)
    R1 IPSec; C:\WINXP\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
    S3 IRENUM; C:\WINXP\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation)
    R0 isapnp; C:\WINXP\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
    R1 Kbdclass; C:\WINXP\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
    R1 kbdhid; C:\WINXP\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation)
    R3 kmixer; C:\WINXP\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
    R0 KSecDD; C:\WINXP\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
    R1 mnmdd; C:\WINXP\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation)
    S3 Modem; C:\WINXP\system32\Drivers\Modem.sys [30080 2011-06-14] (Microsoft Corporation)
    R1 Mouclass; C:\WINXP\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
    R3 mouhid; C:\WINXP\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
    R0 MountMgr; C:\WINXP\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
    S3 MRxDAV; C:\WINXP\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation)
    R1 MRxSmb; C:\WINXP\System32\DRIVERS\mrxsmb.sys [457856 2011-06-14] (Microsoft Corporation)
    R1 Msfs; C:\WINXP\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
    S3 MSKSSRV; C:\WINXP\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
    S3 MSPCLOCK; C:\WINXP\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
    S3 MSPQM; C:\WINXP\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
    R3 mssmbios; C:\WINXP\System32\DRIVERS\mssmbios.sys [15488 2011-06-14] (Microsoft Corporation)
    S3 MSTEE; C:\WINXP\System32\drivers\MSTEE.sys [5504 2008-04-13] (Microsoft Corporation)
    R0 Mup; C:\WINXP\system32\Drivers\Mup.sys [105472 2011-06-14] (Microsoft Corporation)
    S3 NABTSFEC; C:\WINXP\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
    R0 NDIS; C:\WINXP\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
    S3 NdisIP; C:\WINXP\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    R3 NdisTapi; C:\WINXP\System32\DRIVERS\ndistapi.sys [10112 2008-04-14] (Microsoft Corporation)
    R3 Ndisuio; C:\WINXP\System32\DRIVERS\ndisuio.sys [14592 2011-06-14] (Microsoft Corporation)
    R3 NdisWan; C:\WINXP\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation)
    R3 NDProxy; C:\WINXP\system32\Drivers\NDProxy.sys [40960 2010-12-14] (Microsoft Corporation)
    R1 NetBIOS; C:\WINXP\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation)
    R1 NetBT; C:\WINXP\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation)
    R1 Npfs; C:\WINXP\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation)
    R4 Ntfs; C:\WINXP\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation)
    R1 Null; C:\WINXP\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation)
    S3 NwlnkFlt; C:\WINXP\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation)
    S3 NwlnkFwd; C:\WINXP\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation)
    R3 Parport; C:\WINXP\System32\DRIVERS\parport.sys [80128 2011-06-14] (Microsoft Corporation)
    R0 PartMgr; C:\WINXP\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
    R2 ParVdm; C:\WINXP\system32\Drivers\ParVdm.sys [6784 2008-04-14] (Microsoft Corporation)
    R0 PCI; C:\WINXP\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
    R0 PCIIde; C:\WINXP\system32\Drivers\PCIIde.sys [3328 2008-04-14] (Microsoft Corporation)
    S4 Pcmcia; C:\WINXP\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)
    R3 PptpMiniport; C:\WINXP\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation)
    R3 PSched; C:\WINXP\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
    R3 Ptilink; C:\WINXP\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
    R1 RasAcd; C:\WINXP\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation)
    R3 Rasl2tp; C:\WINXP\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation)
    R3 RasPppoe; C:\WINXP\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation)
    R3 Raspti; C:\WINXP\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation)
    R1 Rdbss; C:\WINXP\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation)
    R1 RDPCDD; C:\WINXP\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation)
    R3 rdpdr; C:\WINXP\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
    S3 RDPWD; C:\WINXP\system32\Drivers\RDPWD.sys [139656 2008-04-14] (Microsoft Corporation)
    R1 redbook; C:\WINXP\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
    S3 Secdrv; C:\WINXP\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    R3 serenum; C:\WINXP\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation)
    R1 Serial; C:\WINXP\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation)
    S1 Sfloppy; C:\WINXP\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)
    S3 SLIP; C:\WINXP\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
    S3 splitter; C:\WINXP\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
    R0 sr; C:\WINXP\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
    R3 Srv; C:\WINXP\System32\DRIVERS\srv.sys [357888 2011-04-12] (Microsoft Corporation)
    S3 streamip; C:\WINXP\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
    R3 swenum; C:\WINXP\System32\DRIVERS\swenum.sys [4352 2011-06-14] (Microsoft Corporation)
    S3 swmidi; C:\WINXP\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
    R3 sysaudio; C:\WINXP\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
    R1 Tcpip; C:\WINXP\System32\DRIVERS\tcpip.sys [361600 2011-04-12] (Microsoft Corporation)
    S3 TDPIPE; C:\WINXP\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
    S3 TDTCP; C:\WINXP\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
    R1 TermDD; C:\WINXP\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
    R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
    S4 Udfs; C:\WINXP\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)
    R3 Update; C:\WINXP\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
    S3 usbaudio; C:\WINXP\System32\drivers\usbaudio.sys [60032 2008-04-13] (Microsoft Corporation)
    S3 usbccgp; C:\WINXP\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation)
    S3 USBCCID; C:\WINXP\System32\DRIVERS\usbccid.sys [28672 2014-08-14] (Microsoft Corporation)
    R3 usbehci; C:\WINXP\System32\DRIVERS\usbehci.sys [30208 2008-04-14] (Microsoft Corporation)
    R3 usbhub; C:\WINXP\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
    S3 USBSTOR; C:\WINXP\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation)
    R3 usbuhci; C:\WINXP\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation)
    S3 usbvideo; C:\WINXP\System32\Drivers\usbvideo.sys [121984 2008-04-13] (Microsoft Corporation)
    R1 VgaSave; C:\WINXP\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation)
    R3 VIAudio; C:\WINXP\System32\drivers\vinyl97.sys [163712 2006-04-01] (VIA Technologies, Inc.) [File not signed]
    R0 VolSnap; C:\WINXP\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)
    R3 Wanarp; C:\WINXP\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation)
    R3 Wdf01000; C:\WINXP\System32\Drivers\wdf01000.sys [503008 2008-03-27] (Microsoft Corporation)
    R3 wdmaud; C:\WINXP\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
    S3 WSTCODEC; C:\WINXP\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
    S3 WudfPf; C:\WINXP\System32\DRIVERS\WudfPf.sys [77568 2010-09-16] (Microsoft Corporation)
    S3 WudfRd; C:\WINXP\System32\DRIVERS\wudfrd.sys [82944 2010-09-16] (Microsoft Corporation)
    R1 {7afe3a9e-a637-49a8-9084-bf73405b41b6}t; C:\WINXP\System32\drivers\{7afe3a9e-a637-49a8-9084-bf73405b41b6}t.sys [55768 2014-09-24] (StdLib)
    S3 cpuz134; \??\C:\DOCUME~1\bb\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 gfiark; system32\drivers\gfiark.sys [X]
    S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X]
    S1 sbaphd; system32\drivers\sbaphd.sys [X]
    S2 sbapifs; system32\drivers\sbapifs.sys [X]
    U1 WS2IFSL; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-19 20:43 - 2015-04-19 20:43 - 00000000 ____D () C:\FRST
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\F.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\E.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\D.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\C.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\B.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\A.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\24.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\23.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\22.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\21.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\20.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\1F.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\1E.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\1D.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\1C.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\1B.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\1A.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\19.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\18.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\17.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\16.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\15.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\14.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\13.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\12.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\11.tmp
    2015-04-19 19:22 - 2015-04-19 19:22 - 00000000 _____ () C:\10.tmp
    2015-04-19 15:54 - 2015-04-19 19:42 - 00000720 _____ () C:\WINXP\setupact.log
    2015-04-19 15:54 - 2015-04-19 15:54 - 00000000 _____ () C:\WINXP\setuperr.log
    2015-04-19 01:40 - 2015-04-19 01:41 - 00000000 ____D () C:\Documents and Settings\bb\e
    2015-04-18 16:25 - 2015-04-18 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Datamngr
    2015-04-18 03:33 - 2015-04-18 03:34 - 00001410 _____ () C:\WINXP\setupapi.log
    2015-04-18 00:57 - 2015-04-18 00:57 - 00000000 __SHD () C:\FOUND.078
    2015-04-17 01:14 - 2015-04-17 01:14 - 00000000 __SHD () C:\FOUND.077
    2015-04-16 03:46 - 2015-04-16 17:43 - 18178736 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerInstaller.exe
    2015-04-14 20:23 - 2015-04-14 20:23 - 00000000 __SHD () C:\FOUND.076
    2015-04-14 15:54 - 2015-04-14 15:54 - 00000000 ____H () C:\Documents and Settings\bb\Local Settings\Application Data\BITE.tmp
    2015-04-14 15:52 - 2015-04-14 15:54 - 00000000 _____ () C:\Documents and Settings\bb\Local Settings\Application Data\{AD14F328-6B25-474A-AE6C-74E0A27895B5}
    2015-04-11 13:27 - 2015-04-11 13:27 - 00000000 ____D () C:\Program Files\SaoVeeLots
    2015-04-11 13:27 - 2015-04-11 13:27 - 00000000 ____D () C:\Program Files\DownSAvee
    2015-04-11 13:26 - 2015-04-11 13:26 - 00000000 ____D () C:\Program Files\NBA Live News
    2015-04-10 17:24 - 2015-04-11 00:57 - 00405654 _____ () C:\Documents and Settings\bb\My Documents\ARSENIC.pptx
    2015-04-08 19:37 - 2015-04-19 19:22 - 00000000 _____ () C:\Documents and Settings\bb\channel.temp
    2015-04-04 02:00 - 2015-04-04 02:00 - 00000788 _____ () C:\Documents and Settings\bb\Desktop\A0000077.lnk
    2015-04-04 01:09 - 2015-04-04 01:09 - 00000000 ____D () C:\Documents and Settings\bb\Local Settings\Application Data\Avg2014
    2015-04-03 02:56 - 2015-04-03 02:56 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee
    2015-04-03 02:05 - 2015-04-03 02:05 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\TuneUp Software
    2015-04-03 02:05 - 2015-04-03 02:05 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\TuneUp Software
    2015-04-02 23:56 - 2015-04-02 23:56 - 00001535 _____ () C:\TuneUp 1-Click Maintenance.lnk
    2015-04-02 23:56 - 2015-04-02 23:56 - 00001525 _____ () C:\TuneUp Utilities 2014.lnk
    2015-04-02 23:55 - 2015-04-02 23:55 - 00001677 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    2015-04-02 23:55 - 2015-04-02 23:55 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2015-04-02 23:55 - 2015-04-02 23:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
    2015-04-02 23:28 - 2015-04-02 23:27 - 00139264 _____ (Sun Microsystems, Inc.) C:\WINXP\system32\javaws.exe
    2015-04-02 23:28 - 2015-04-02 23:27 - 00135168 _____ (Sun Microsystems, Inc.) C:\WINXP\system32\javaw.exe
    2015-04-02 23:28 - 2015-04-02 23:27 - 00135168 _____ (Sun Microsystems, Inc.) C:\WINXP\system32\java.exe
    2015-04-02 23:28 - 2015-04-02 23:27 - 00069632 _____ (Sun Microsystems, Inc.) C:\WINXP\system32\javacpl.cpl
    2015-04-02 23:27 - 2015-04-02 23:27 - 00000000 ____D () C:\Program Files\Java
    2015-04-02 23:27 - 2015-04-02 23:27 - 00000000 ____D () C:\Program Files\Common Files\Java
    2015-04-02 23:26 - 2015-04-02 23:26 - 00000000 ____D () C:\Documents and Settings\bb\Application Data\Sun
    2015-04-02 23:03 - 2015-04-02 23:03 - 00000594 _____ () C:\Documents and Settings\All Users\Desktop\Free PDF Reader.lnk
    2015-04-02 23:03 - 2015-04-02 23:03 - 00000071 _____ () C:\Documents and Settings\All Users\Desktop\Free PDF Reader Website.url
    2015-04-02 23:03 - 2015-04-02 23:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Free PDF Reader
    2015-04-02 23:02 - 2015-04-02 23:02 - 00000000 ____D () C:\Program Files\PlotSoft
    2015-04-02 22:55 - 2015-04-02 22:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    2015-04-02 22:28 - 2015-04-02 22:28 - 00001027 _____ () C:\Documents and Settings\bb\Desktop\FM PDF To Word.lnk
    2015-04-02 22:28 - 2015-04-02 22:28 - 00000000 ____D () C:\Program Files\FM Software Studio
    2015-04-02 22:28 - 2015-04-02 22:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FM Software Studio
    2015-04-02 22:22 - 2015-04-02 22:22 - 00000000 ____D () C:\Program Files\Free PDF Reader
    2015-04-02 22:22 - 2015-04-02 22:22 - 00000000 ____D () C:\Documents and Settings\bb\Application Data\YcanPDF
    2015-04-02 20:44 - 2015-04-02 20:44 - 00000000 ____D () C:\Program Files\Haoppy2eSavve
    2015-04-01 20:15 - 2015-04-01 20:15 - 00000000 __SHD () C:\FOUND.075
    2015-03-29 17:28 - 2015-04-17 17:50 - 00081920 ___SH () C:\Documents and Settings\bb\My Documents\Thumbs.db
    2015-03-29 17:23 - 2015-03-29 17:23 - 00000000 ____D () C:\Program Files\Skype
    2015-03-29 17:23 - 2015-03-29 17:23 - 00000000 ____D () C:\Program Files\Common Files\Skype
    2015-03-27 15:40 - 2015-03-27 15:40 - 00000000 __SHD () C:\FOUND.074
    2015-03-22 13:45 - 2015-03-22 13:45 - 00000000 ____D () C:\Program Files\NettoCOouppon
    2015-03-22 13:44 - 2015-03-22 13:44 - 00000000 ____D () C:\Program Files\RoboSaverr
    2015-03-22 13:44 - 2015-03-22 13:44 - 00000000 ____D () C:\Program Files\DigiiSaver

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-19 20:41 - 2014-09-16 01:18 - 00000826 _____ () C:\WINXP\Tasks\Adobe Flash Player Updater.job
    2015-04-19 20:32 - 2014-11-21 02:15 - 00000892 _____ () C:\WINXP\Tasks\MaxigetUpdaterTaskMachineUA.job
    2015-04-19 20:28 - 2015-03-09 19:23 - 00000878 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-19 20:09 - 2015-03-13 00:31 - 00000326 _____ () C:\WINXP\Tasks\ReimageUpdater.job
    2015-04-19 19:52 - 2015-02-24 00:19 - 00000866 _____ () C:\WINXP\Tasks\globalUpdateUpdateTaskMachineUA.job
    2015-04-19 19:28 - 2015-03-09 19:23 - 00000874 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-19 19:22 - 2015-02-28 01:27 - 00000284 _____ () C:\WINXP\Tasks\MaxigetMasterUpdate.job
    2015-04-19 19:22 - 2015-02-13 17:50 - 00000346 _____ () C:\WINXP\Tasks\At1.job
    2015-04-19 19:22 - 2014-08-13 14:27 - 00365216 _____ () C:\WINXP\WindowsUpdate.log
    2015-04-19 19:21 - 2015-02-24 00:20 - 00004470 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-4.job
    2015-04-19 19:21 - 2015-02-24 00:20 - 00003450 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-7.job
    2015-04-19 19:21 - 2015-02-24 00:20 - 00002422 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-5.job
    2015-04-19 19:21 - 2015-02-24 00:19 - 00005158 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-7.job
    2015-04-19 19:21 - 2015-02-24 00:18 - 00005160 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-11.job
    2015-04-19 19:21 - 2014-11-21 02:15 - 00000888 _____ () C:\WINXP\Tasks\MaxigetUpdaterTaskMachineCore.job
    2015-04-19 19:21 - 2014-08-13 14:19 - 00000159 _____ () C:\WINXP\wiadebug.log
    2015-04-19 19:20 - 2015-02-24 00:20 - 00003114 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-6.job
    2015-04-19 19:20 - 2015-02-24 00:19 - 00005494 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-6.job
    2015-04-19 19:20 - 2015-02-24 00:19 - 00000862 _____ () C:\WINXP\Tasks\globalUpdateUpdateTaskMachineCore.job
    2015-04-19 19:20 - 2015-02-24 00:18 - 00002088 _____ () C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-10_user.job
    2015-04-19 19:20 - 2015-02-23 16:15 - 00000394 _____ () C:\WINXP\Tasks\BlockAndSurf Update.job
    2015-04-19 19:20 - 2015-02-23 16:15 - 00000374 _____ () C:\WINXP\Tasks\BlockAndSurf_wd.job
    2015-04-19 19:20 - 2015-02-23 15:12 - 00000366 _____ () C:\WINXP\Tasks\Update Service YourFileDownloader.job
    2015-04-19 19:20 - 2014-08-13 14:35 - 00000006 ____H () C:\WINXP\Tasks\SA.DAT
    2015-04-19 17:41 - 2014-08-14 03:19 - 00131072 _____ () C:\WINXP\system32\config\TuneUp.evt
    2015-04-19 17:41 - 2014-08-13 14:36 - 00000178 ___SH () C:\Documents and Settings\bb\ntuser.ini
    2015-04-19 17:41 - 2014-08-13 14:35 - 00032416 _____ () C:\WINXP\SchedLgU.Txt
    2015-04-19 17:41 - 2014-08-13 14:19 - 00000049 _____ () C:\WINXP\wiaservc.log
    2015-04-19 17:36 - 2014-08-17 04:45 - 01698420 ___SH () C:\Documents and Settings\bb\Desktop\Thumbs.db
    2015-04-19 15:03 - 2015-03-03 16:33 - 00001245 _____ () C:\Documents and Settings\bb\Application Data\aswrgeathwasrga.exe
    2015-04-17 23:45 - 2015-03-13 00:33 - 00000268 _____ () C:\WINXP\Tasks\Reimage Reminder.job
    2015-04-17 02:11 - 2015-03-08 01:47 - 00010709 _____ () C:\WINXP\system32\ScanResults.xml
    2015-04-17 02:07 - 2015-03-08 01:38 - 00000464 _____ () C:\WINXP\system32\ScannerSettings
    2015-04-16 17:44 - 2014-09-16 01:18 - 00778416 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerApp.exe
    2015-04-16 17:44 - 2014-09-16 01:18 - 00142512 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerCPLApp.cpl
    2015-04-09 04:34 - 2015-03-03 18:17 - 00065536 _____ () C:\WINXP\system32\config\ODiag.evt
    2015-04-05 01:53 - 2008-04-14 09:00 - 00002206 _____ () C:\WINXP\system32\wpa.dbl
    2015-04-03 15:37 - 2015-03-09 19:32 - 00001717 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-04-02 23:45 - 2015-02-27 02:04 - 00000158 _____ () C:\WINXP\Reimage.ini
    2015-03-28 22:41 - 2014-08-13 14:16 - 00508608 _____ () C:\WINXP\system32\PerfStringBackup.INI
    2015-03-25 23:31 - 2014-08-23 06:23 - 00000754 _____ () C:\WINXP\WORDPAD.INI

    ==================== Files in the root of some directories =======

    2015-02-23 23:25 - 2014-04-28 07:22 - 0118656 _____ () C:\Documents and Settings\bb\Application Data\aiasfacoiaksf.vbs
    2015-01-25 21:12 - 2015-01-25 21:12 - 0001248 _____ () C:\Documents and Settings\bb\Application Data\LMYIDGO
    2015-02-24 14:34 - 2015-02-27 16:13 - 2563584 _____ () C:\Documents and Settings\bb\Application Data\aswasrga.exe
    2015-02-28 13:32 - 2015-03-08 14:17 - 0000020 _____ () C:\Documents and Settings\bb\Application Data\appdataFr3.bin
    2015-03-03 16:33 - 2015-04-19 15:03 - 0001245 _____ () C:\Documents and Settings\bb\Application Data\aswrgeathwasrga.exe
    2015-04-14 15:54 - 2015-04-14 15:54 - 0000000 ____H () C:\Documents and Settings\bb\Local Settings\Application Data\BITE.tmp
    2014-08-14 02:05 - 2015-02-22 16:48 - 0009216 _____ () C:\Documents and Settings\bb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-04-14 15:52 - 2015-04-14 15:54 - 0000000 _____ () C:\Documents and Settings\bb\Local Settings\Application Data\{AD14F328-6B25-474A-AE6C-74E0A27895B5}
     
  6. soomia


    Files to move or delete:
    ====================
    C:\Program Files\Music App\Datamngr\apcrtldr.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINXP\explorer.exe => File is digitally signed
    C:\WINXP\system32\winlogon.exe => File is digitally signed
    C:\WINXP\system32\svchost.exe => File is digitally signed
    C:\WINXP\system32\services.exe => File is digitally signed
    C:\WINXP\system32\User32.dll => File is digitally signed
    C:\WINXP\system32\userinit.exe => File is digitally signed
    C:\WINXP\system32\rpcss.dll => File is digitally signed
    C:\WINXP\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================
     
  7. soomia


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-04-2015 01
    Ran by bb at 2015-04-19 20:44:55
    Running from F:\New Folder (3)
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
    1.1.3 (HKLM\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version: - PDFZilla)
    50Coupons (HKLM\...\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}) (Version: - "") <==== ATTENTION
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.5 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    AllCheapPrice (HKLM\...\{5A1D3F9E-73B5-95EC-1233-6646E1358965}) (Version: - "") <==== ATTENTION
    AlLSoAver (HKLM\...\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}) (Version: - "") <==== ATTENTION
    AVS Video Converter 8.5 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
    BitSaver (HKLM\...\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}) (Version: - "") <==== ATTENTION
    BlockIt Ad remover (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - BlockIt Ad remover) <==== ATTENTION
    CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
    CheaPMe (HKLM\...\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}) (Version: - "") <==== ATTENTION
    CinemaP-1.9cV23.02 (HKLM\...\CinemaP-1.9cV23.02) (Version: 1.36.01.22 - Cinema PlusV23.02) <==== ATTENTION
    ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
    CooupaExetoennsion (HKLM\...\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}) (Version: - "") <==== ATTENTION
    CRX Inspector (HKLM\...\{7304C9D1-98AD-55F0-636E-22D8DD57F176}) (Version: - "") <==== ATTENTION
    DiggiCouPon (HKLM\...\{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B}) (Version: - "") <==== ATTENTION
    DigiiSaver (HKLM\...\{7223EDAC-E091-B3C1-BD91-B66CE557800F}) (Version: - "") <==== ATTENTION
    DownSAvee (HKLM\...\{AF992111-52BE-832B-5882-8477E4A3C99A}) (Version: - "") <==== ATTENTION
    Driver Genius (HKLM\...\Driver Genius_is1) (Version: 12.0 - Driver-Soft Inc.)
    ExsTraCouponn (HKLM\...\{98449C67-C7AF-BB53-112D-26C916814611}) (Version: - "") <==== ATTENTION
    Fariya Dialer Creator (HKLM\...\Fariya Dialer Creatorv2.0-compucated) (Version: v2.0-compucated - Fariya Network)
    FM PDF To Word Converter Pro 2.5 (HKLM\...\FM PDF To Word Converter Pro_is1) (Version: 2.5 - )
    Free PDF To Word Converter 1.8 (HKLM\...\Free PDF To Word Converter_is1) (Version: 1.8 - )
    Free Zip 9.20 (HKLM\...\7-Zip) (Version: - Somoto Ltd) <==== ATTENTION
    Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4363 - )
    Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
    Internet Download Manager Packages (HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Internet Download Manager Packages) (Version: - ) <==== ATTENTION
    IusavEr (HKLM\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version: - "") <==== ATTENTION
    Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
    JSON Formatter (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
    K-Lite Codec Pack 9.9.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
    MaxiGet Software Manager (HKLM\...\MaxiGet Software Manager_is1) (Version: 1.1.92 - Maxiget Ltd.) <==== ATTENTION
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    MiinuimuumPrice (HKLM\...\{CA1838EF-A497-194E-3850-37A62CEE398B}) (Version: - "") <==== ATTENTION
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
    Music Search App for Chrome (HKLM\...\imeshmusicboxtoolbarnewCR) (Version: 2.1.0.0 - IAC Search and Media, Inc.) <==== ATTENTION
    NBA Live News (HKLM\...\{317D8BB4-16C3-CFBD-3777-AED69667DA46}) (Version: - "")
    NewSaaveR (HKLM\...\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}) (Version: - "") <==== ATTENTION
    NinjaKit (HKLM\...\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}) (Version: - "")
    Notepad++ (HKLM\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
    Plarium (HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Plarium) (Version: - Plarium)
    PriceLess (HKLM\...\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}) (Version: 2.2.0.1169 - ) <==== ATTENTION
    Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.1.4 - Reimage) <==== ATTENTION
    Remote Desktop Access (VuuPC) (HKLM\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
    RoboSaverr (HKLM\...\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}) (Version: - "") <==== ATTENTION
    SaoVeeLots (HKLM\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version: - "") <==== ATTENTION
    Search App by Ask (HKLM\...\{4254522D-5350-006A-76A7-A75C790C1101}) (Version: 12.17.1.2468 - APN, LLC) <==== ATTENTION
    Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
    Smileys We Love Toolbar for IE (HKLM\...\{A82BD48E-3547-4B94-BC0C-42EFED86B0EB}) (Version: 3.0.28 - SqueekyChocolate, LLC) <==== ATTENTION
    Softonic Assistant (HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\SoftonicAssistant) (Version: 0.2.2 - Softonic International S.A.) <==== ATTENTION
    Software Management Module (HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Software Management Module) (Version: 0.1.15.0 - Maxiget Ltd.) <==== ATTENTION!
    Symbaloo Bookmarker 0.4 (HKLM\...\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}) (Version: - "")
    takEorleave (HKLM\...\{89AE616B-E500-0C2D-D0D2-F444CEEB4619}) (Version: - "")
    takeSaVe (HKLM\...\{D238A788-39B6-B97D-A5BA-13FE8E34E03C}) (Version: - "") <==== ATTENTION
    TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.340 - TuneUp Software) Hidden
    TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
    TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
    UniDeeaalsa (HKLM\...\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}) (Version: - ) <==== ATTENTION
    Update Service YourFileDownloader (HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\...\Update Service YourFileDownloader) (Version: 2.15.10 - http://www.yourfile-downloader.com.com) <==== ATTENTION
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WidgetPremium (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{e2dd4ab2}) (Version: - WidgetPremium) <==== ATTENTION
    WinCheck (HKLM\...\wincheck) (Version: 1.0.0.0 - WinCheck) <==== ATTENTION!
    WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
    WinZipper (HKLM\...\WinZipper) (Version: 1.5.86 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1960408961-1336601894-1644491937-1003_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\DOCUME~1\bb\LOCALS~1\Temp\1268\temp\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar(1).exe No File

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2008-04-14 09:00 - 2008-04-14 09:00 - 00000734 ____A C:\WINXP\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINXP\Tasks\At1.job => C:\WINXP\system32\system3_.exe
    Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-7.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-7.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\Adobe Flash Player Updater.job => C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-6.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-1-6.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-5.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-5.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\Reimage Reminder.job => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\MaxigetUpdaterTaskMachineCore.job => C:\Program Files\Maxiget\Updater\MaxigetUpdater.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\MaxigetUpdaterTaskMachineUA.job => C:\Program Files\Maxiget\Updater\MaxigetUpdater.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\MaxigetMasterUpdate.job => C:\Program Files\Maxiget\Master\Updater\MasterUpdater.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\Update Service YourFileDownloader.job => C:\Program Files\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe'http:/www.yourfile-downloader.com.com <==== ATTENTION
    Task: C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINXP\Tasks\BlockAndSurf_wd.job => C:\Program Files\ver4BlockAndSurf\K5BlockAndSurfm.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\BlockAndSurf Update.job => C:\Program Files\ver4BlockAndSurf\m8BlockAndSurfZ31.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-10_user.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-10.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-11.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-11.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-7.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-7.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-6.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-6.exe <==== ATTENTION
    Task: C:\WINXP\Tasks\2335b8fa-72e3-444a-b57e-185cd6cbfb14-4.job => C:\Program Files\CinemaP-1.9cV23.02\2335b8fa-72e3-444a-b57e-185cd6cbfb14-4.exe <==== ATTENTION

    ==================== Loaded Modules (whitelisted) ==============

    2014-08-13 14:45 - 2014-12-11 19:44 - 00493800 _____ () C:\Program Files\Music App\Datamngr\apcrtldr.dll
    2015-01-01 01:16 - 2014-12-31 09:34 - 00612528 _____ () C:\Program Files\WinZipper\sqlite3.dll
    2015-02-23 16:15 - 2015-02-23 16:15 - 00256000 _____ () C:\Program Files\ver4BlockAndSurf\K5BlockAndSurfm.exe
    2015-02-23 16:15 - 2015-02-23 16:15 - 00212480 _____ () C:\Program Files\ver4BlockAndSurf\d2BlockAndSurfQD178.dll
    2015-02-23 16:15 - 2015-02-23 16:15 - 00304128 _____ () C:\Program Files\ver4BlockAndSurf\d2BlockAndSurfQD178.exe
    2015-02-23 16:02 - 2015-02-23 16:02 - 00141312 _____ () C:\Documents and Settings\bb\Application Data\VOPackage\VOsrv.exe
    2015-02-23 14:52 - 2015-02-23 14:52 - 01606144 _____ () c:\Program Files\StormSaver\StormSaver.dll
    2011-03-14 08:27 - 2011-03-14 08:27 - 00271712 _____ () C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
    2015-02-13 17:50 - 2011-09-13 22:03 - 00828929 __RSH () C:\WINXP\system32\system3_.exe
    2008-04-14 09:00 - 2008-04-14 09:00 - 00059904 _____ () C:\WINXP\system32\devenum.dll
    2008-04-14 09:00 - 2008-04-14 09:00 - 00014336 _____ () C:\WINXP\system32\msdmo.dll
    2014-02-23 14:50 - 2014-02-23 14:50 - 01062912 _____ () C:\Documents and Settings\All Users\Application Data\{3eb4fb0a-b4b0-7a0c-3eb4-4fb0ab4bec2a}\Stellar.Phoenix.JPEG.Repair.3.0_With_Keys.rar(1).exe
    2015-04-03 15:36 - 2015-03-31 02:07 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
    2015-04-03 15:36 - 2015-03-31 02:07 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll
    2014-08-16 10:46 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
    2014-08-16 10:46 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\bb\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
    2015-01-01 01:16 - 2014-12-31 09:34 - 00181936 _____ () C:\Program Files\WinZipper\libpng.dll

    ==================== Safe Mode (whitelisted) ===================
     
  8. soomia


    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Classes\.exe: exefile => <===== ATTENTION!
    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Software\Classes\exefile: <===== ATTENTION!

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1960408961-1336601894-1644491937-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\bb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1960408961-1336601894-1644491937-500 - Administrator - Enabled)
    bb (S-1-5-21-1960408961-1336601894-1644491937-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\bb
    Guest (S-1-5-21-1960408961-1336601894-1644491937-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1960408961-1336601894-1644491937-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1960408961-1336601894-1644491937-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/19/2015 07:22:56 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

    Error: (04/19/2015 07:22:48 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

    Error: (04/19/2015 07:22:25 PM) (Source: ESENT) (EventID: 439) (User: )
    Description: wuauclt (3256) Unable to write a shadowed header for file C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1808.

    Error: (04/19/2015 07:22:25 PM) (Source: ESENT) (EventID: 482) (User: )
    Description: wuauclt (3256) An attempt to write to the file "C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

    Error: (04/19/2015 07:22:19 PM) (Source: ESENT) (EventID: 439) (User: )
    Description: wuauclt (3220) Unable to write a shadowed header for file C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1808.

    Error: (04/19/2015 07:22:19 PM) (Source: ESENT) (EventID: 482) (User: )
    Description: wuauclt (3220) An attempt to write to the file "C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

    Error: (04/19/2015 07:22:19 PM) (Source: ESENT) (EventID: 439) (User: )
    Description: wuauclt (3188) Unable to write a shadowed header for file C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1808.

    Error: (04/19/2015 07:22:19 PM) (Source: ESENT) (EventID: 482) (User: )
    Description: wuauclt (3188) An attempt to write to the file "C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

    Error: (04/19/2015 07:22:18 PM) (Source: ESENT) (EventID: 439) (User: )
    Description: wuauclt (3156) Unable to write a shadowed header for file C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1808.

    Error: (04/19/2015 07:22:18 PM) (Source: ESENT) (EventID: 482) (User: )
    Description: wuauclt (3156) An attempt to write to the file "C:\WINXP\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.


    System errors:
    =============
    Error: (04/19/2015 07:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Maxiget Update Service (mglupdate) service failed to start due to the following error:
    %%1053

    Error: (04/19/2015 07:21:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Maxiget Update Service (mglupdate) service to connect.

    Error: (04/19/2015 07:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
    %%2

    Error: (04/19/2015 07:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Broadband. OUC service failed to start due to the following error:
    %%2

    Error: (04/19/2015 07:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The sbapifs service failed to start due to the following error:
    %%2

    Error: (04/19/2015 07:21:37 PM) (Source: SRService) (EventID: 104) (User: )
    Description: The System Restore initialization process failed.

    Error: (04/19/2015 07:21:06 PM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC000003A_filelst.cfgHarddiskVolume1

    Error: (04/19/2015 03:51:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    iSafeKrnlMon
    sbaphd

    Error: (04/19/2015 03:51:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Maxiget Update Service (mglupdate) service failed to start due to the following error:
    %%1053

    Error: (04/19/2015 03:51:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Maxiget Update Service (mglupdate) service to connect.


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
    Percentage of memory in use: 76%
    Total physical RAM: 1014.48 MB
    Available physical RAM: 235.32 MB
    Total Pagefile: 2445.59 MB
    Available Pagefile: 1321.96 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1927.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:9.76 GB) (Free:0 GB) FAT32 ==>[Drive with boot components (Windows XP)]
    Drive d: () (Fixed) (Total:9.77 GB) (Free:2.99 GB) NTFS
    Drive e: () (Fixed) (Total:9.77 GB) (Free:1.65 GB) NTFS
    Drive f: () (Fixed) (Total:7.96 GB) (Free:5.38 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 44C244C1)
    Partition 1: (Active) - (Size=9.8 GB) - (Type=0C)
    Partition 2: (Not Active) - (Size=27.5 GB) - (Type=OF Extended)

    ==================== End Of Log ============================
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Step 1 in our preliminaries calls for installing one of the proposed AV programs if you don't have any.
    I don't see any AV program running.
    What's the story there?

    Move FRST to the proper location (Desktop).

    Uninstall:

    WinZipper
    WinCheck
    WidgetPremium
    Update Service YourFileDownloader
    UniDeeaalsa
    takeSaVe
    Software Management Module
    Softonic Assistant
    Smileys We Love Toolbar for IE
    Search App by Ask
    SaoVeeLots
    RoboSaverr
    Remote Desktop Access
    Reimage Repair
    PriceLess
    NewSaaveR
    Music Search App for Chrome
    MiinuimuumPrice
    MaxiGet Software Manager
    JSON Formatter
    IusavEr
    Internet Download Manager Packages
    Free Zip 9.20
    ExsTraCouponn
    DownSAvee
    DigiiSaver
    DiggiCouPon
    CRX Inspector
    CooupaExetoennsio
    ConvertAd
    CinemaP-1.9cV23.0
    CheaPMe
    BlockIt Ad remover
    BitSaver
    AlLSoAver
    AllCheapPrice
    50Coupons
     
  10. soomia

    soomia TS Rookie Topic Starter

    Uninstalling these programs. What should I do after this??
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Did all of them uninstall fine?

    What about my other two requests?
     
  12. soomia

    soomia TS Rookie Topic Starter

    Yes, all uninstalled except Smileys We Love Toolbar for IE; it gave a fatal error :oops::oops:

    Please recommend any AV program to install.

    yes fast has shifted to desktop
     
  13. soomia

    soomia TS Rookie Topic Starter

    *frst has shifted to desktop
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Still with me?
     
  16. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in the malware removal forum.
     
Topic Status:
Not open for further replies.
