
Unknown virus won't let me download and google keeps redirecting to other links


  • This topic is locked
4 replies to this topic

#1 Marnel

Marnel

  • Members
  • 52 posts
  • Gender:Male
  • Location:Philippines

Posted 23 February 2015 - 10:24 PM

FRST Scan:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2015 01
Ran by admin (administrator) on MARKETING-PC on 20-02-2015 11:23:35
Running from C:\Documents and Settings\admin\Desktop
Loaded Profiles: admin (Available profiles: admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-57989841-1085031214-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-57989841-1085031214-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.look-for-it.info/?pid=1091&r=2015/02/14&hid=10764478987025581403&lg=EN&cc=PH&unqvl=82
HKU\S-1-5-21-57989841-1085031214-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-57989841-1085031214-1417001333-1003 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=1091&r=2015/02/14&hid=10764478987025581403&lg=EN&cc=PH&unqvl=82
SearchScopes: HKU\S-1-5-21-57989841-1085031214-1417001333-1003 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=1091&r=2015/02/14&hid=10764478987025581403&lg=EN&cc=PH&unqvl=82
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DigiSSavier -> {7e3192bf-5ca9-468a-8b5e-81b3893920f1} -> C:\Program Files\DigiSSavier\mjxxfEIqKBp9ka.dll ()
BHO: DigiCCouppoN -> {b8841fe6-85e2-41ba-baf3-a8da8998d2d4} -> C:\Program Files\DigiCCouppoN\WL7llA8UGQuwEt.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.ph/com/EGamesPlugin.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.look-for-it.info/?pid=1091&r=2015/02/14&hid=10764478987025581403&lg=EN&cc=PH&unqvl=82&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://websearch.look-for-it.info/?pid=1091&r=2015/02/14&hid=10764478987025581403&lg=EN&cc=PH&unqvl=82
FF Keyword.URL: hxxp://websearch.look-for-it.info/?pid=1091&r=2015/02/14&hid=10764478987025581403&lg=EN&cc=PH&unqvl=82&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-57989841-1085031214-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\admin\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\searchplugins\WebSearch.xml
FF Extension: youtubeadblocker - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\Extensions\a@DUJHIaT4oq.edu [2015-02-12]
FF Extension: UaniDEals  - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\Extensions\hDszf@MWs.org [2015-02-12]
FF Extension: Low Quality Flash - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\Extensions\low_quality_flash@pie2k.com [2015-01-29]
FF Extension: Soundcloud Player - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\Extensions\soundcloud-player@mikedeboer.nl [2015-01-29]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-02-04]
FF Extension: YouTube™ Flash® Player - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-01-29]
FF Extension: QuickJava - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-09-09]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://touch.3claws.com/home/"
CHR Profile: C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-06]
CHR Extension: (Google Wallet) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-06]
CHR Extension: (Last Tab Keeper) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogookjjcaobcijoblfjoneggmhdlppkc [2015-02-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-20]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 032973f0; c:\Program Files\SystemPromote\SystemPromote.dll [1641472 2015-02-10] () [File not signed]
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 AgereModemAudio; C:\WINDOWS\system32\agrsmsvc.exe [13312 2008-03-18] (Agere Systems) [File not signed]
R2 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [158824 2015-02-03] (Autodesk) [File not signed]
R2 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.)
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-02-04] (Oracle Corporation)
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [4546608 2013-01-04] (INCA Internet Co., Ltd.)
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [158768 2014-09-06] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
S4 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]
R2 YahooAUService; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [680216 2008-11-10] (Yahoo! Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation) [File not signed]
R0 ACPIEC; C:\WINDOWS\System32\DRIVERS\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1202560 2008-02-29] (Agere Systems) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-02-20] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-20] (AVAST Software)
S4 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-02-20] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-02-20] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-02-20] (AVAST Software)
S4 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-02-20] (AVAST Software)
S4 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-02-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-02-20] ()
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112856 2015-02-03] (BlueStack Systems)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [13952 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Compbatt; C:\WINDOWS\System32\DRIVERS\compbatt.sys [10240 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Fdc; C:\WINDOWS\system32\Drivers\Fdc.sys [27392 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\WINDOWS\system32\Drivers\Flpydisk.sys [20480 2008-04-14] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider) [File not signed]
S3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation) [File not signed]
R3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation) [File not signed]
S1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation) [File not signed]
S3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation) [File not signed]
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation) [File not signed]
S2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2004-08-04] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-14] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-14] (Microsoft Corporation) [File not signed]
S3 sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [79232 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S2 Serial; C:\WINDOWS\system32\Drivers\Serial.sys [64512 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [325120 2010-10-26] (Silicon Integrated Systems Corporation) [File not signed]
R0 SISAGP; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [35712 2006-06-16] (Silicon Integrated Systems Corporation) [File not signed]
R3 SiSGbeXP; C:\WINDOWS\System32\DRIVERS\SiSGbeXP.sys [43392 2008-03-04] (Silicon Integrated Systems Corp.) [File not signed]
R0 SiSide; C:\WINDOWS\System32\DRIVERS\siside.sys [4096 2003-03-26] (Silicon Integrated Systems Corp.) [File not signed]
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [19200 2010-10-26] (Silicon Integrated Systems Corporation) [File not signed]
S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation) [File not signed]
S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
R3 tunmp; C:\WINDOWS\System32\DRIVERS\tunmp.sys [12288 2008-04-14] (Microsoft Corporation) [File not signed]
R0 uagp35; C:\WINDOWS\System32\DRIVERS\uagp35.sys [44672 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17152 2008-04-14] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation) [File not signed]
R1 WmiAcpi; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [8832 2008-04-14] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation) [File not signed]
R3 amsint32; \??\C:\WINDOWS\system32\drivers\ikqnhr.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [14208 2008-04-14] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\DOCUME~1\admin\LOCALS~1\Temp\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U3 WmdmPmSN; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-20 11:23 - 2015-02-20 11:23 - 00034247 _____ () C:\Documents and Settings\admin\Desktop\FRST.txt
2015-02-20 11:23 - 2015-02-20 11:23 - 00000000 ____D () C:\FRST
2015-02-20 11:22 - 2015-02-20 11:23 - 01127424 _____ (Farbar) C:\Documents and Settings\admin\Desktop\FRST.exe
2015-02-20 11:06 - 2015-02-20 11:06 - 00000000 ____D () C:\WINDOWS\system32\VIRepair
2015-02-19 14:48 - 2015-02-19 14:48 - 00000000 ____D () C:\Program Files\Chatango
2015-02-19 14:48 - 2015-02-19 14:48 - 00000000 ____D () C:\Documents and Settings\admin\Start Menu\Programs\Chatango
2015-02-18 23:21 - 2015-02-20 11:07 - 00000000 ____D () C:\Program Files\50Coupeons
2015-02-18 23:21 - 2015-02-18 23:21 - 00000000 ____D () C:\Program Files\SaverExtienssiiona
2015-02-18 23:21 - 2015-02-18 23:21 - 00000000 ____D () C:\Program Files\Last Tab Keeper
2015-02-18 18:23 - 2015-02-18 18:25 - 00000000 ____D () C:\Lucy (2014) [1080p]
2015-02-18 18:01 - 2015-02-18 18:10 - 00000000 ____D () C:\Big Hero 6 (2014) [1080p]
2015-02-18 13:16 - 2015-02-18 13:16 - 00000000 ____D () C:\Program Files\Woot! Watcher
2015-02-18 13:14 - 2015-02-18 13:14 - 00000000 ____D () C:\Program Files\ExstraSaavings
2015-02-18 13:12 - 2015-02-18 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\poggncnkbokceifjjkjmdlgpgejkgcne
2015-02-18 06:00 - 2008-04-14 00:10 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET17C.tmp
2015-02-18 04:46 - 2015-02-18 04:46 - 00000000 ____D () C:\Program Files\DigiSSavier
2015-02-18 04:46 - 2015-02-18 04:46 - 00000000 ____D () C:\Program Files\DigiCCouppoN
2015-02-17 17:14 - 2015-02-17 17:14 - 00000000 ____D () C:\Program Files\RoboSaVer
2015-02-15 18:01 - 2015-02-20 11:03 - 00000020 _____ () C:\Documents and Settings\admin\Application Data\appdataFr3.bin
2015-02-15 12:46 - 2015-02-15 12:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Block The Ads
2015-02-14 22:35 - 2015-02-14 22:35 - 00000000 ____D () C:\Documents and Settings\admin\.android
2015-02-14 22:16 - 2015-02-14 22:16 - 00001554 _____ () C:\Documents and Settings\All Users\Desktop\Start BlueStacks.lnk
2015-02-14 22:15 - 2015-02-14 22:15 - 00000000 ____D () C:\Program Files\BlueStacks
2015-02-14 22:15 - 2015-02-14 22:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\BlueStacks
2015-02-14 22:15 - 2015-02-14 22:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\BlueStacks
2015-02-14 22:14 - 2015-02-14 22:14 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Bluestacks
2015-02-13 01:59 - 2015-02-13 01:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
2015-02-13 01:58 - 2015-02-13 01:59 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-13 01:58 - 2015-02-13 01:58 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-13 01:58 - 2015-02-13 01:58 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\RHEng
2015-02-13 01:38 - 2015-02-13 02:04 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\DVDVideoSoft
2015-02-12 13:59 - 2015-02-18 18:01 - 00000000 ____D () C:\Tekken Kazuya's Revenge (2014) [1080p]
2015-02-12 13:55 - 2015-02-17 23:40 - 00000000 ____D () C:\The Judge (2014)
2015-02-12 13:53 - 2015-02-12 15:35 - 00000000 ____D () C:\Horrible Bosses 2 (2014)
2015-02-11 22:53 - 2015-02-11 23:03 - 00001434 _____ () C:\WINDOWS\wmsetup.log
2015-02-11 12:25 - 2015-02-11 12:25 - 00000000 ____D () C:\If I Stay (2014)
2015-02-11 12:20 - 2015-02-11 12:25 - 00000000 ____D () C:\Must Be Love (2013)
2015-02-10 13:33 - 2015-02-20 11:13 - 00000000 ____D () C:\Program Files\youtubeadblocker
2015-02-10 13:33 - 2015-02-10 13:33 - 00000000 ____D () C:\Program Files\SystemPromote
2015-02-10 13:32 - 2015-02-18 23:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\3832530907524235722
2015-02-10 13:32 - 2015-02-10 13:32 - 00000000 ____D () C:\Program Files\UaniDEals
2015-02-10 13:32 - 2015-02-10 13:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\himnnkchikamgeinlobmbaghllgnoboe
2015-02-10 13:31 - 2015-02-10 13:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{b6ac9db3-1b9f-943d-b6ac-c9db31b976cc}
2015-02-10 06:21 - 2015-02-10 06:21 - 00000000 ____D () C:\Documents and Settings\admin\Desktop\_locales
2015-02-08 20:39 - 2015-02-08 20:39 - 00000034 _____ () C:\WINDOWS\setupact.log
2015-02-08 20:39 - 2015-02-08 20:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-08 08:52 - 2015-02-08 08:52 - 00000000 ____D () C:\TASM1
2015-02-08 08:47 - 2015-02-08 11:00 - 00000000 ____D () C:\Documents and Settings\admin\Desktop\TASM1
2015-02-04 05:16 - 2015-02-04 05:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-04 05:16 - 2015-02-04 05:15 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-02-04 05:16 - 2015-02-04 05:15 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-02-04 05:15 - 2015-02-04 05:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-02-04 05:15 - 2015-02-04 05:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-02-04 05:15 - 2015-02-04 05:15 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-02-04 05:15 - 2015-02-04 05:15 - 00000000 ____D () C:\Program Files\Java
2015-02-04 05:15 - 2015-02-04 05:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-02-04 04:04 - 2015-02-20 11:06 - 00000000 ____D () C:\Program Files\WinFlip
2015-02-04 04:00 - 2009-03-23 17:39 - 00098304 _____ (Windows X) C:\WINDOWS\system32\scrnrdr.exe
2015-02-04 03:59 - 2015-02-04 03:59 - 00000000 ____D () C:\Documents and Settings\admin\Desktop\Windows 7
2015-02-04 03:40 - 2015-02-04 03:40 - 00103140 __RSH () C:\ulnb.exe
2015-02-04 03:38 - 2015-02-20 11:23 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\temp
2015-02-04 03:38 - 2015-02-04 03:38 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-02-04 03:38 - 2015-02-04 03:38 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-02-04 00:03 - 2015-02-04 00:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-03 10:13 - 2015-02-03 10:26 - 00000000 ____D () C:\Documents and Settings\admin\Desktop\disc 1
2015-02-03 08:30 - 2015-02-03 08:30 - 00001690 _____ () C:\Documents and Settings\All Users\Desktop\AutoCAD 2008.lnk
2015-02-03 08:27 - 2015-02-06 09:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Autodesk
2015-02-03 08:27 - 2015-02-03 08:30 - 00000000 ____D () C:\Program Files\AutoCAD 2008
2015-02-03 08:23 - 2015-01-30 14:27 - 845252374 _____ () C:\Documents and Settings\admin\Desktop\AutoCAD2008.zip
2015-02-02 14:43 - 2015-02-02 14:43 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\LMTOOLS.lnk
2015-02-02 14:43 - 2015-02-02 14:43 - 00000000 ____D () C:\Program Files\Autodesk Network License Manager
2015-02-02 14:28 - 2015-02-06 09:18 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\Autodesk
2015-01-30 08:16 - 2015-01-30 08:17 - 00000000 ____D () C:\Documents and Settings\admin\Desktop\Microprocessor
2015-01-29 14:44 - 2015-02-04 03:32 - 00036543 ____H () C:\WINDOWS\system32\Drivers\klog.dat
2015-01-29 14:44 - 2015-01-29 14:44 - 00022040 ____H () C:\Documents and Settings\admin\Application Data\addon.dat
2015-01-29 14:02 - 2015-02-03 08:27 - 00019395 _____ () C:\WINDOWS\dasetup.log
2015-01-29 14:01 - 2015-02-03 08:30 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2015-01-29 14:01 - 2015-02-03 08:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
2015-01-29 14:01 - 2015-02-03 08:27 - 00343312 _____ () C:\WINDOWS\DirectX.log
2015-01-29 14:01 - 2015-02-03 08:27 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Autodesk
2015-01-29 14:01 - 2015-02-02 14:28 - 00000000 ____D () C:\Program Files\Autodesk
2015-01-29 14:01 - 2015-01-29 14:01 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-29 12:49 - 2015-01-29 12:50 - 00000387 _____ () C:\WINDOWS\nsw.log
2015-01-29 06:27 - 2015-01-29 06:27 - 00000000 ____D () C:\TEMP
2015-01-29 05:57 - 2015-01-29 05:57 - 00000000 ____D () C:\Documents and Settings\admin\Desktop\AVR
2015-01-28 08:18 - 2015-01-28 08:25 - 01295360 _____ () C:\Documents and Settings\admin\Desktop\Assembly lang training.ppt
2015-01-28 05:01 - 2015-02-04 03:23 - 00000109 _____ () C:\WINDOWS\[TheMoonlight].txt
2015-01-28 05:01 - 2014-09-07 20:27 - 00123392 _____ () C:\Documents and Settings\admin\Downloads\Windows Vista setup                                                             .scr
2015-01-28 05:01 - 2014-09-07 20:27 - 00123392 _____ () C:\Documents and Settings\admin\Downloads\THe Best Ungu                                                             .scr
2015-01-28 05:01 - 2014-09-07 20:27 - 00123392 _____ () C:\Documents and Settings\admin\Downloads\Love Song                                                             .scr
2015-01-28 05:01 - 2014-09-07 20:27 - 00123392 _____ () C:\Documents and Settings\admin\Downloads\Lagu - Server                                                             .scr
2015-01-28 05:01 - 2014-09-07 20:27 - 00123392 _____ () C:\Documents and Settings\admin\Downloads\Gallery                                                             .scr
2015-01-28 05:01 - 2008-04-14 12:42 - 01384479 __RSH (Microsoft Corporation) C:\WINDOWS\system\msvbvm60.dll
2015-01-27 23:13 - 2015-01-27 23:42 - 00000000 ____D () C:\Bleach
2015-01-27 21:03 - 2015-02-20 11:06 - 00051564 _____ () C:\WINDOWS\setupapi.log
2015-01-27 21:03 - 2015-02-19 09:02 - 01061171 _____ () C:\WINDOWS\setupapi.log.1.old
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-20 11:20 - 2014-08-19 18:14 - 00000000 ____D () C:\Documents and Settings\admin\Desktop\CCE
2015-02-20 11:18 - 2014-02-14 21:54 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-02-20 11:17 - 2014-08-19 17:51 - 01875719 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-20 11:15 - 2014-02-14 22:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-20 11:15 - 2014-02-14 22:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-20 11:14 - 2014-09-08 00:26 - 00000000 ____D () C:\WINDOWS\system32\VITrans
2015-02-20 11:14 - 2014-09-07 08:43 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-02-20 11:14 - 2014-09-06 21:02 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 11:14 - 2014-02-14 14:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-20 11:14 - 2014-02-14 14:11 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-02-20 11:14 - 2014-02-14 14:11 - 00000000 ____D () C:\Program Files\Outlook Express
2015-02-20 11:13 - 2014-02-14 14:19 - 00000278 ___SH () C:\Documents and Settings\admin\ntuser.ini
2015-02-20 11:13 - 2014-02-14 14:19 - 00000000 ____D () C:\Documents and Settings\admin
2015-02-20 11:13 - 2014-02-14 14:18 - 00032564 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-20 11:12 - 2014-08-19 13:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\352fe28e05b001ca
2015-02-20 11:12 - 2014-02-14 22:00 - 00000327 __RSH () C:\boot.ini
2015-02-20 11:12 - 2004-08-04 20:00 - 00000594 _____ () C:\WINDOWS\win.ini
2015-02-20 11:12 - 2004-08-04 20:00 - 00000264 _____ () C:\WINDOWS\system.ini
2015-02-20 11:10 - 2014-06-15 01:23 - 00000000 ____D () C:\WINDOWS\pss
2015-02-20 11:07 - 2014-02-14 14:26 - 00000000 ____D () C:\WINDOWS\system32\Adobe
2015-02-20 11:07 - 2014-02-14 14:11 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-02-20 11:06 - 2014-09-08 00:30 - 00000000 ____D () C:\Program Files\TrueTransparency
2015-02-20 11:06 - 2014-02-14 21:54 - 00000000 ____D () C:\WINDOWS\Media
2015-02-20 11:06 - 2014-02-14 21:54 - 00000000 ____D () C:\WINDOWS\Cursors
2015-02-20 11:04 - 2014-09-09 05:11 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-20 11:04 - 2014-09-09 05:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-20 11:04 - 2014-08-24 00:00 - 00000000 ____D () C:\AdwCleaner
2015-02-20 10:58 - 2014-09-08 00:32 - 00136889 _____ () C:\WINDOWS\system32\INSTALL.LOG
2015-02-20 00:40 - 2014-02-22 17:06 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\vlc
2015-02-20 00:37 - 2014-02-22 17:05 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-02-19 23:51 - 2014-09-06 21:03 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 19:15 - 2014-04-09 04:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GarenaMessenger
2015-02-19 19:15 - 2014-04-09 04:29 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\GarenaPlus
2015-02-18 18:47 - 2014-02-19 08:16 - 00124928 _____ () C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-18 10:44 - 2014-10-14 00:37 - 00047616 ___SH () C:\Documents and Settings\admin\Desktop\Thumbs.db
2015-02-16 23:27 - 2014-09-06 21:08 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-15 12:20 - 2014-09-06 20:24 - 00000000 ____D () C:\Program Files\Garena Plus
2015-02-15 12:10 - 2014-09-18 06:14 - 00000000 ____D () C:\One Piece
2015-02-14 22:56 - 2014-02-14 14:26 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-12 18:41 - 2015-01-13 19:19 - 00002497 _____ () C:\Documents and Settings\admin\Desktop\Microsoft Office Word 2003.lnk
2015-02-12 01:07 - 2014-02-14 14:10 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-09 03:01 - 2014-09-09 21:27 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-08 08:10 - 2004-08-04 20:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-06 18:18 - 2014-09-25 14:43 - 00000210 _____ () C:\Documents and Settings\admin\.packettracer
2015-02-06 13:56 - 2014-02-14 14:19 - 00000000 ___RD () C:\Documents and Settings\admin\Start Menu\Programs\Accessories
2015-02-04 04:23 - 2014-09-08 00:26 - 00000000 ____D () C:\VTPFiles
2015-02-04 03:39 - 2014-09-06 19:28 - 00000000 ____D () C:\Qoobox
2015-02-04 03:39 - 2014-09-06 19:27 - 00000000 ____D () C:\WINDOWS\erdnt
2015-02-04 03:38 - 2014-09-06 19:35 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-02-04 03:38 - 2014-02-14 22:00 - 29360128 _____ () C:\WINDOWS\system32\config\software.bak
2015-02-04 03:38 - 2014-02-14 22:00 - 06815744 _____ () C:\WINDOWS\system32\config\system.bak
2015-02-04 03:38 - 2014-02-14 22:00 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-02-04 03:38 - 2014-02-14 22:00 - 00262144 _____ () C:\WINDOWS\system32\config\default.bak
2015-02-04 03:38 - 2014-02-14 22:00 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-02-04 03:37 - 2014-10-14 03:23 - 00000000 ____D () C:\Program Files\OpenDownloaderManager
2015-02-04 03:37 - 2014-09-07 05:01 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\WMTools Downloaded Files
2015-02-04 03:37 - 2014-05-21 12:05 - 00000000 ____D () C:\WINDOWS\system32\X72456go
2015-02-04 03:37 - 2014-02-21 22:02 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2015-02-04 03:37 - 2014-02-14 22:02 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-04 03:37 - 2014-02-14 16:04 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\MaxiGet Download Manager
2015-02-04 03:20 - 2014-02-14 15:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-03 15:58 - 2014-09-25 14:43 - 00000000 ____D () C:\Documents and Settings\admin\Cisco Packet Tracer 6.0.1
2015-02-03 08:44 - 2014-02-14 22:00 - 00334664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-03 08:31 - 2014-02-18 11:56 - 00087240 _____ () C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-02-03 08:28 - 2014-02-14 21:54 - 00000000 ____D () C:\WINDOWS\Help
2015-02-03 08:27 - 2014-02-14 14:12 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2015-01-29 14:00 - 2014-02-17 08:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-29 14:00 - 2014-02-17 08:19 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-29 06:42 - 2014-09-16 00:00 - 00000000 ____D () C:\Program Files\DomDomSoft Manga Downloader
2015-01-28 08:16 - 2014-09-13 13:57 - 00000000 ____D () C:\Program Files\Yahoo!
2015-01-28 08:16 - 2014-02-14 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-01-28 05:01 - 2014-02-14 21:54 - 00000000 ____D () C:\WINDOWS\system
2015-01-27 21:26 - 2014-08-19 17:45 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-01-27 21:04 - 2014-04-17 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2015-01-27 21:02 - 2014-09-12 01:08 - 00000000 ____D () C:\Program Files\Kakao
2015-01-27 21:00 - 2014-09-13 14:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo!
2015-01-27 20:59 - 2014-09-13 14:17 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\Yahoo!
2015-01-27 20:57 - 2014-03-30 01:41 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-22 20:11 - 2014-10-21 05:16 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\.minecraft
 
==================== Files in the root of some directories =======
 
2015-01-29 14:44 - 2015-01-29 14:44 - 0022040 ____H () C:\Documents and Settings\admin\Application Data\addon.dat
2015-02-15 18:01 - 2015-02-20 11:03 - 0000020 _____ () C:\Documents and Settings\admin\Application Data\appdataFr3.bin
2014-02-19 08:16 - 2015-02-18 18:47 - 0124928 _____ () C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-01 10:06 - 2014-08-01 10:06 - 0000064 _____ () C:\Documents and Settings\All Users\DC4108D1.db
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Addition.txt: 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2015 01
Ran by admin at 2015-02-20 11:24:21
Running from C:\Documents and Settings\admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Out of date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}) (Version: 9.0.16.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AutoCAD 2008 - English (HKLM\...\AutoCAD 2008 - English) (Version: 17.1.51.0 - Autodesk)
AutoCAD 2008 - English (Version: 17.1.51.0 - Autodesk) Hidden
Autodesk Design Review 2009 (HKLM\...\Autodesk Design Review 2009) (Version: 9.0.96 - Autodesk, Inc.)
Autodesk Design Review 2009 (Version: 9.0.96 - Autodesk, Inc.) Hidden
Autodesk DWF Viewer 7 (HKLM\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.)
Autodesk Network License Manager (HKLM\...\{FE2F2589-96A6-4F38-98F5-DDAC34BD41B9}) (Version: 11.4.0.0 - autodesk)
Block The Ads (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Block The Ads) <==== ATTENTION
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{E78B4959-B348-4913-874B-FF982378E035}) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
Campus Information System 2.0 (HKLM\...\Campus Information System 2.0) (Version:  - )
Chatango Message Catcher (HKLM\...\Chatango) (Version:  - )
Cisco Packet Tracer 6.0.1 (HKLM\...\Cisco Packet Tracer 6.0.1_is1) (Version:  - Cisco Systems, Inc.)
DigiCCouppoN (HKLM\...\{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B}) (Version:  - "") <==== ATTENTION
DigiSSavier (HKLM\...\{7223EDAC-E091-B3C1-BD91-B66CE557800F}) (Version:  - "")
DomDomSoft Manga Downloader (remove only) (HKLM\...\DomDomSoft Manga Downloader) (Version:  - )
Free 3GP Video Converter version 5.0.56.128 (HKLM\...\Free 3GP Video Converter_is1) (Version: 5.0.56.128 - DVDVideoSoft Ltd.)
Garena+ (HKLM\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Last Tab Keeper (HKLM\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version:  - "")
LibreOffice 4.2.5.2 (HKLM\...\{8D8F47B2-0E03-4C50-9803-A01120878F96}) (Version: 4.2.5.2 - The Document Foundation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
NVIDIA PhysX (HKLM\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6839 - Realtek Semiconductor Corp.)
RoboSaVer (HKLM\...\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}) (Version:  - "") <==== ATTENTION
SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.05 - www.SamLab.ws)
SaverExtienssiiona (HKLM\...\{274E3C5C-178E-EAE2-A52F-2863C0EECD46}) (Version:  - "") <==== ATTENTION
Unity Web Player (HKU\S-1-5-21-57989841-1085031214-1417001333-1003\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Codec Pack 2.3.0 (HKLM\...\Windows 7 - Codec Pack) (Version:  - Windows 7 Codec Pack)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Woot! Watcher (HKLM\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version:  - "") <==== ATTENTION
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\x264vfw) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-57989841-1085031214-1417001333-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-1085031214-1417001333-1003_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-1085031214-1417001333-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\admin\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-57989841-1085031214-1417001333-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\admin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-1085031214-1417001333-1003_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-1085031214-1417001333-1003_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-1085031214-1417001333-1003_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2008\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-1085031214-1417001333-1003_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\DOCUME~1\admin\LOCALS~1\Temp\0821d4\temp\[mp4hentai] Iinari Saimin Kanojo - 01cen RAW.mp4.exe No  (the data entry has 4 more characters).
 
==================== Restore Points  =========================
 
17-01-2015 03:23:26 Unsigned driver install
17-01-2015 20:58:31 Unsigned driver install
20-01-2015 01:06:31 Unsigned driver install
24-01-2015 23:35:40 Unsigned driver install
24-01-2015 23:37:56 Unsigned driver install
26-01-2015 23:24:19 Unsigned driver install
27-01-2015 15:30:23 Unsigned driver install
27-01-2015 21:03:40 Removed Skype™ 6.14
27-01-2015 21:04:24 Removed Audition Dance Battle
27-01-2015 21:04:48 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
28-01-2015 08:17:26 Unsigned driver install
29-01-2015 14:01:05 Installed DirectX
29-01-2015 14:24:44 Installed DirectX
29-01-2015 14:40:09 Installed DirectX
29-01-2015 14:51:14 Installed DirectX
29-01-2015 15:01:25 Installed DirectX
29-01-2015 17:18:29 Unsigned driver install
02-02-2015 08:28:40 Unsigned driver install
03-02-2015 22:43:43 Unsigned driver install
04-02-2015 01:01:47 Unsigned driver install
04-02-2015 05:15:00 Removed Java 7 Update 67
04-02-2015 05:15:31 Installed Java 7 Update 67
29-01-2015 06:26:27 Software Distribution Service 3.0
30-01-2015 03:00:18 Software Distribution Service 3.0
31-01-2015 03:00:23 Software Distribution Service 3.0
27-01-2015 21:45:20 Unsigned driver install
29-01-2015 03:00:16 Software Distribution Service 3.0
30-01-2015 08:15:53 Unsigned driver install
02-02-2015 08:02:56 Unsigned driver install
02-02-2015 14:16:52 Installed DirectX
02-02-2015 14:28:59 Installed DirectX
02-02-2015 14:39:39 Installed DirectX
03-02-2015 08:22:27 Unsigned driver install
03-02-2015 08:27:07 Installed DirectX
08-02-2015 08:46:09 Unsigned driver install
08-02-2015 20:38:47 Unsigned driver install
09-02-2015 03:00:37 Software Distribution Service 3.0
10-02-2015 03:00:15 Software Distribution Service 3.0
10-02-2015 06:50:28 Unsigned driver install
11-02-2015 03:00:19 Software Distribution Service 3.0
12-02-2015 03:00:17 Software Distribution Service 3.0
13-02-2015 02:24:44 Unsigned driver install
13-02-2015 03:00:16 Software Distribution Service 3.0
14-02-2015 04:18:50 Software Distribution Service 3.0
15-02-2015 12:07:38 Software Distribution Service 3.0
16-02-2015 05:58:39 Software Distribution Service 3.0
16-02-2015 11:02:43 Unsigned driver install
16-02-2015 12:06:44 Unsigned driver install
17-02-2015 03:00:34 Software Distribution Service 3.0
18-02-2015 04:06:54 Software Distribution Service 3.0
18-02-2015 05:59:32 Unsigned driver install
18-02-2015 07:36:27 Software Distribution Service 3.0
18-02-2015 18:45:56 Unsigned driver install
19-02-2015 09:02:04 Software Distribution Service 3.0
20-02-2015 10:59:47 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 20:00 - 2015-02-04 03:39 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-57989841-1085031214-1417001333-1003Core.job => C:\Documents and Settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-57989841-1085031214-1417001333-1003UA.job => C:\Documents and Settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2009-01-11 06:15 - 2009-01-11 06:15 - 00159744 _____ () C:\WINDOWS\system32\mmfinfo.dll
2009-01-11 06:14 - 2009-01-11 06:14 - 00023552 _____ () C:\WINDOWS\system32\mkunicode.dll
2008-04-14 12:42 - 2008-04-14 12:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-02-10 13:33 - 2015-02-10 13:33 - 01641472 _____ () c:\Program Files\SystemPromote\SystemPromote.dll
2008-04-14 12:41 - 2008-04-14 12:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2015-02-16 23:26 - 2015-02-18 06:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-16 23:26 - 2015-02-18 06:44 - 14965064 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-57989841-1085031214-1417001333-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.254.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BRS => C:\Program Files\WSE_Astromenda\BRS\brs.exe -runBRS
MSCONFIG\startupreg: Chatango => C:\Program Files\Chatango\Chatango.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DrvIcon => C:\Program Files\Vista Drive Icon\DrvIcon.exe
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: KakaoTalk => "C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SiSPower => Rundll32.exe SiSPower.dll,ModeAgent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: T1571400TT4 => C:\WINDOWS\system32\338508756184l.exe
MSCONFIG\startupreg: T58Z385 => C:\WINDOWS\sa-76400.exe
 
==================== Accounts: =============================
 
admin (S-1-5-21-57989841-1085031214-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\admin
Administrator (S-1-5-21-57989841-1085031214-1417001333-500 - Administrator - Enabled)
ASPNET (S-1-5-21-57989841-1085031214-1417001333-1006 - Limited - Enabled)
Guest (S-1-5-21-57989841-1085031214-1417001333-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-57989841-1085031214-1417001333-1000 - Limited - Disabled)
IUSR_MARKETING-PC (S-1-5-21-57989841-1085031214-1417001333-1004 - Limited - Enabled)
IWAM_MARKETING-PC (S-1-5-21-57989841-1085031214-1417001333-1005 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-57989841-1085031214-1417001333-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/20/2015 11:15:15 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/20/2015 10:58:45 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/20/2015 00:35:14 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/19/2015 07:05:52 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/19/2015 02:01:44 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/19/2015 10:34:13 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/19/2015 09:01:05 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/18/2015 10:59:37 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/18/2015 10:30:05 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/18/2015 06:45:02 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
System errors:
=============
Error: (02/20/2015 11:16:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/20/2015 11:00:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/20/2015 00:36:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/19/2015 07:06:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/19/2015 02:02:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/19/2015 10:35:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/19/2015 09:01:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/18/2015 11:00:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/18/2015 10:30:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/18/2015 06:46:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
 
Microsoft Office Sessions:
=========================
Error: (02/20/2015 11:15:15 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/20/2015 10:58:45 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/20/2015 00:35:14 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/19/2015 07:05:52 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/19/2015 02:01:44 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/19/2015 10:34:13 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/19/2015 09:01:05 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/18/2015 10:59:37 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/18/2015 10:30:05 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/18/2015 06:45:02 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 47%
Total physical RAM: 1789.1 MB
Available physical RAM: 937.36 MB
Total Pagefile: 3683.58 MB
Available Pagefile: 2925.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.57 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.65 GB) (Free:34.53 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Lokal Disk) (Fixed) (Total:135.22 GB) (Free:26.91 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: A6F7ACD2)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135.2 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

 




 


#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:04:14 PM

Posted 24 February 2015 - 06:01 AM

Hello Marnel and welcome to BleepingComputer!     :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first. That may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 3 days, feel free to PM me.      :)

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Please enable and update your Avast antivirus. If your subscription ran out, please uninstall it and install one of these free AV: Avast!, Antivir and Microsoft Security Essentials

 

I've submitted my next steps to my instructor, please wait a bit.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 Sirawit

Posted 25 February 2015 - 07:47 AM

Hi Marnel.
 
We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Adobe Flash Player 9 ActiveX
    Block The Ads
    DigiCCouppoN
    DigiSSavier
    Last Tab Keeper
    RoboSaVer
    SaverExtienssiiona
    Woot! Watcher
    
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

===========================================================================

 

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-------------
 
Thank you.


#4 Sirawit

Posted 27 February 2015 - 12:17 PM

It has been three days since my last reply. Are you still here?

 

Thank you.



#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:14 AM

Posted 03 March 2015 - 03:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



