
Toolbar Problems with Ant.Com downloader [Closed]


  • This topic is locked

#1
waynf

    Member 1K

  • Member
  • 1,057 posts

I have encountered a problem with the Ant.Com downloader. It doesn't enable me to change my preferences. However, in an attempt to remove said toolbar, I have tried to find a way to remove it. It doesn't show up on the list of Add/Remove Programs, nor does it show up under My Computer>Program Files. Even Revo Uninstaller doesn't recognize it as being on my computer, but the toolbar does exist on my browser page.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's have a look-see.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

#3
waynf

    Member 1K

  • Topic Starter
  • Member
  • 1,057 posts

Farbar Scan

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-07-2015
Ran by Wayne at 2015-07-26 10:25:14
Running from C:\Documents and Settings\Wayne\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1343024091-2052111302-1177238915-500 - Administrator - Enabled)
Guest (S-1-5-21-1343024091-2052111302-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1343024091-2052111302-1177238915-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1343024091-2052111302-1177238915-1002 - Limited - Disabled)
Wayne (S-1-5-21-1343024091-2052111302-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Wayne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1400 (Version: 50.0.206.000 - Hewlett-Packard) Hidden
1400_Help (Version: 50.0.206.000 - Hewlett-Packard) Hidden
1400Trb (Version: 50.0.206.000 - Hewlett-Packard) Hidden
7-Data Recovery Suite version 3.2.0 (HKLM\...\{02386A56-080B-485c-941D-AF96B29140DD}_is1) (Version: 3.2.0 - SharpNight Co,Ltd)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AiO_Scan (Version: 50.0.206.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\AskTBar Uninstall) (Version:  - Ask.com) <==== ATTENTION
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Avira (HKLM\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden
Download &amp; Install Packages (HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Download &amp; Install Packages) (Version:  - ) <==== ATTENTION
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HP Extended Capabilities 5.3 (HKLM\...\HPExtendedCapabilities) (Version: 5.3 - HP)
HP Image Zone Express (HKLM\...\{FE64AE29-0883-4C70-8388-DC026019C900}) (Version: 1.5.1.29 - Hewlett-Packard)
HP Imaging Device Functions 5.3 (HKLM\...\HP Imaging Device Functions) (Version: 5.3 - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version:  - HP)
HP Solution Center & Imaging Support Tools 5.3 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.3 - HP)
HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
K-Lite Codec Pack 10.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Ledger (HKLM\...\{0984EA04-EB2C-4AC4-BD0B-94115A48C19E}) (Version: 1.10.0.0 - Responsive Software Limited)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version:  - )
Logitech Print Service (HKLM\...\Logitech Print Service) (Version:  - )
Logitech QuickCam Software (HKLM\...\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}) (Version: 8.47.0000 - Logitech, Inc.)
Logitech® Camera Driver (HKLM\...\QcDrv) (Version:  - )
MarketResearch (Version: 53.0.13.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.0 (HKLM\...\Microsoft .NET Framework 3.0) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft DirectX Transform optional components (HKLM\...\DXTXTRA) (Version:  - )
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{A20A58C4-6784-4B4B-86CC-94E2E3671033}) (Version: 7.02.8637 - Nero AG)
NewCopy (Version: 50.0.206.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
Pazera Free FLV to AVI Converter 1.8 (HKLM\...\{E82A57BC-E9B8-42F9-BDC7-4950BD73EA32}_is1) (Version: 1.8 - Pazera Jacek)
PCI Audio Applications (HKLM\...\PCI Audio Applications) (Version:  - )
PCI Audio Driver (HKLM\...\PCI Audio Driver) (Version:  - )
ProductContext (Version: 50.0.206.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Readme (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden
Skype™ 6.18 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.18.106 - Skype Technologies S.A.)
SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
TreeSize Free V3.3.2 (HKLM\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Unload (Version: 5.0.0 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Wayne\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Wayne\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{FB99D700-18B9-11D0-A4CF-00A024C91936}\InprocServer32 -> C:\Program Files\Common Files\Borland Shared\BDE\idsql32.dll ()
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{FB99D710-18B9-11D0-A4CF-00A024C91936}\InprocServer32 -> C:\Program Files\Common Files\Borland Shared\BDE\idapi32.dll ()

==================== Restore Points =========================

23-07-2015 21:47:35 Restore Operation
25-07-2015 17:14:47 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 09:00 - 2004-08-04 09:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\Wayne\APPLIC~1\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C0CFDEAB-609B-4932-A18D-FA7764138099}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-27 21:51 - 2014-10-27 21:51 - 00049152 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll
2014-10-27 21:51 - 2014-10-27 21:51 - 00020480 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
2014-10-27 21:51 - 2014-10-27 21:51 - 00143360 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWfiles.dll
2014-10-27 21:51 - 2014-10-27 21:51 - 00020480 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll
2014-10-27 21:51 - 2014-10-27 21:51 - 00114688 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwscriptext.dll
2015-01-03 17:00 - 2013-10-03 11:42 - 00069120 _____ () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
2015-01-03 17:00 - 2013-10-03 11:42 - 00112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 7.4.8.8
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: C-Media Mixer => Mixer.exe /startup
MSCONFIG\startupreg: C-Media Speaker Configuration => C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Talk\googletalk.exe] => Enabled:Google Talk
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe] => Enabled:Logitech Desktop Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe] => Enabled:hpqcopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe] => Enabled:hpqphunl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe] => Enabled:hpqdia.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2015 10:19:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mfmanager.exe, version 1.4.0.5, faulting module msvcr90.dll, version 9.0.30729.1, fault address 0x0006c955.
Processing media-specific event for [mfmanager.exe!ws!]

Error: (07/17/2015 08:42:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/16/2015 06:30:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/16/2015 01:39:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/16/2015 01:03:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007041d.

Error: (07/15/2015 12:06:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/14/2015 10:01:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/14/2015 08:09:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/13/2015 03:11:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/13/2015 12:15:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]


System errors:
=============
Error: (07/26/2015 09:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/26/2015 08:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/25/2015 08:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/25/2015 07:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/25/2015 06:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/25/2015 05:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/24/2015 11:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/24/2015 10:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/23/2015 10:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/23/2015 09:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: AMD Sempron™ Processor 3000+
Percentage of memory in use: 67%
Total physical RAM: 958.42 MB
Available physical RAM: 313.88 MB
Total Virtual: 3754.44 MB
Available Virtual: 2743.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:15.21 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (general storage) (Fixed) (Total:232.88 GB) (Free:218.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: F80BF80B)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: ED486976)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of log ============================


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the main FRST log as well, please?

#5
waynf

    Member 1K

  • Topic Starter
  • Member
  • 1,057 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-07-2015
Ran by Wayne at 2015-07-26 20:37:11
Running from C:\Documents and Settings\Wayne\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1343024091-2052111302-1177238915-500 - Administrator - Enabled)
Guest (S-1-5-21-1343024091-2052111302-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1343024091-2052111302-1177238915-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1343024091-2052111302-1177238915-1002 - Limited - Disabled)
Wayne (S-1-5-21-1343024091-2052111302-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Wayne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1400 (Version: 50.0.206.000 - Hewlett-Packard) Hidden
1400_Help (Version: 50.0.206.000 - Hewlett-Packard) Hidden
1400Trb (Version: 50.0.206.000 - Hewlett-Packard) Hidden
7-Data Recovery Suite version 3.2.0 (HKLM\...\{02386A56-080B-485c-941D-AF96B29140DD}_is1) (Version: 3.2.0 - SharpNight Co,Ltd)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AiO_Scan (Version: 50.0.206.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\AskTBar Uninstall) (Version:  - Ask.com) <==== ATTENTION
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Avira (HKLM\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden
Download & Install Packages (HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Download & Install Packages) (Version:  - ) <==== ATTENTION
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HP Extended Capabilities 5.3 (HKLM\...\HPExtendedCapabilities) (Version: 5.3 - HP)
HP Image Zone Express (HKLM\...\{FE64AE29-0883-4C70-8388-DC026019C900}) (Version: 1.5.1.29 - Hewlett-Packard)
HP Imaging Device Functions 5.3 (HKLM\...\HP Imaging Device Functions) (Version: 5.3 - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version:  - HP)
HP Solution Center & Imaging Support Tools 5.3 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.3 - HP)
HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
K-Lite Codec Pack 10.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Ledger (HKLM\...\{0984EA04-EB2C-4AC4-BD0B-94115A48C19E}) (Version: 1.10.0.0 - Responsive Software Limited)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version:  - )
Logitech Print Service (HKLM\...\Logitech Print Service) (Version:  - )
Logitech QuickCam Software (HKLM\...\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}) (Version: 8.47.0000 - Logitech, Inc.)
Logitech® Camera Driver (HKLM\...\QcDrv) (Version:  - )
MarketResearch (Version: 53.0.13.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.0 (HKLM\...\Microsoft .NET Framework 3.0) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft DirectX Transform optional components (HKLM\...\DXTXTRA) (Version:  - )
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{A20A58C4-6784-4B4B-86CC-94E2E3671033}) (Version: 7.02.8637 - Nero AG)
NewCopy (Version: 50.0.206.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
Pazera Free FLV to AVI Converter 1.8 (HKLM\...\{E82A57BC-E9B8-42F9-BDC7-4950BD73EA32}_is1) (Version: 1.8 - Pazera Jacek)
PCI Audio Applications (HKLM\...\PCI Audio Applications) (Version:  - )
PCI Audio Driver (HKLM\...\PCI Audio Driver) (Version:  - )
ProductContext (Version: 50.0.206.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Readme (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden
Skype™ 6.18 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.18.106 - Skype Technologies S.A.)
SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
TreeSize Free V3.3.2 (HKLM\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Unload (Version: 5.0.0 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Wayne\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Wayne\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{FB99D700-18B9-11D0-A4CF-00A024C91936}\InprocServer32 -> C:\Program Files\Common Files\Borland Shared\BDE\idsql32.dll ()
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{FB99D710-18B9-11D0-A4CF-00A024C91936}\InprocServer32 -> C:\Program Files\Common Files\Borland Shared\BDE\idapi32.dll ()

==================== Restore Points =========================

23-07-2015 21:47:35 Restore Operation
25-07-2015 17:14:47 System Checkpoint
26-07-2015 18:06:31 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 09:00 - 2004-08-04 09:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\Wayne\APPLIC~1\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C0CFDEAB-609B-4932-A18D-FA7764138099}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-27 21:51 - 2014-10-27 21:51 - 00049152 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll
2014-10-27 21:51 - 2014-10-27 21:51 - 00020480 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
2014-10-27 21:51 - 2014-10-27 21:51 - 00143360 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWfiles.dll
2014-10-27 21:51 - 2014-10-27 21:51 - 00020480 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll
2014-10-27 21:51 - 2014-10-27 21:51 - 00114688 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwscriptext.dll
2015-01-03 17:00 - 2013-10-03 11:42 - 00069120 _____ () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
2015-01-03 17:00 - 2013-10-03 11:42 - 00112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 7.4.8.8
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: C-Media Mixer => Mixer.exe /startup
MSCONFIG\startupreg: C-Media Speaker Configuration => C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Talk\googletalk.exe] => Enabled:Google Talk
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe] => Enabled:Logitech Desktop Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe] => Enabled:hpqcopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe] => Enabled:hpqphunl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe] => Enabled:hpqdia.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2015 10:19:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mfmanager.exe, version 1.4.0.5, faulting module msvcr90.dll, version 9.0.30729.1, fault address 0x0006c955.
Processing media-specific event for [mfmanager.exe!ws!]

Error: (07/17/2015 08:42:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/16/2015 06:30:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/16/2015 01:39:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/16/2015 01:03:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007041d.

Error: (07/15/2015 12:06:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/14/2015 10:01:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/14/2015 08:09:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/13/2015 03:11:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (07/13/2015 12:15:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.13.0, faulting module nmdataservices.dll, version 2.0.13.0, fault address 0x00141977.
Processing media-specific event for [nmindexstoresvr.exe!ws!]


System errors:
=============
Error: (07/26/2015 08:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/26/2015 07:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/26/2015 06:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/26/2015 05:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/26/2015 04:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/26/2015 03:55:42 PM) (Source: 0) (EventID: 55) (User: )
Description: E:

Error: (07/26/2015 11:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/26/2015 10:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/26/2015 09:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402

Error: (07/26/2015 08:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: AMD Sempron™ Processor 3000+
Percentage of memory in use: 66%
Total physical RAM: 958.42 MB
Available physical RAM: 325.38 MB
Total Virtual: 3754.44 MB
Available Virtual: 2724.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:15.14 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (general storage) (Fixed) (Total:232.88 GB) (Free:218.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: F80BF80B)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: ED486976)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of log ============================



#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

There should be two logs on the desktop, one called additions and one called FRST.

The FRST one has all the start and browser data, so I need that.

The main text header is like this:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by al123_000 (administrator) on SAMUEL on 23-07-2015 09:32:35
Running from C:\Users\al123_000\Desktop
Loaded Profiles: al123_000 (Available Profiles: al123_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

#7
waynf

    Member 1K

  • Topic Starter
  • Member
  • 1,057 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-07-2015
Ran by Wayne (administrator) on WAYNE-6A7649B9E (26-07-2015 20:35:53)
Running from C:\Documents and Settings\Wayne\My Documents\Downloads
Loaded Profiles: Wayne (Available Profiles: Wayne)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\WINDOWS\system32\LVCOMSX.EXE
(Logitech Inc.) C:\Program Files\Logitech\Video\LogiTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\PROGRA~1\MESSEN~1\msmsgs.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Logitech Inc.) C:\Program Files\Logitech\Video\FxSvr2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [782008 2015-07-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LVCOMSX] => C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-19] (Logitech Inc.)
HKLM\...\Run: [LogitechVideoRepair] => C:\Program Files\Logitech\Video\ISStart.exe [458752 2005-06-08] (Logitech Inc.)
HKLM\...\Run: [LogitechVideoTray] => C:\Program Files\Logitech\Video\LogiTray.exe [217088 2005-06-08] (Logitech Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SystweakASP] => /verysilent
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SearchProtection] => "C:\Documents and Settings\Wayne\Application Data\Search Protection\SearchProtection.EXE" /autostart
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [LDM] => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [20480 2014-10-27] (Logitech)
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [LogitechSoftwareUpdate] => C:\Program Files\Logitech\Video\ManifestEngine.exe [196608 2005-06-08] (Logitech Inc.)
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-07-02]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-01-03]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk [2014-10-27]
ShortcutTarget: Logitech Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-10-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 - (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> DefaultScope {8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266} URL = http://astromenda.co...=1640802568&ir=
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266} URL = http://astromenda.co...=1640802568&ir=
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {E5B4158F-E345-4115-BE5A-4CE6C25171E2} URL = http://astromenda.co...=1234388902&ir=
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2015-01-19] (Yahoo! Inc.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-21] (Oracle Corporation)
BHO: Ask Search Assistant BHO -> {9CB65201-89C4-402c-BA80-02D8C59F9B1D} -> C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [2015-01-22] (Ask.com)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)
BHO: Ask Toolbar BHO -> {FE063DB1-4EC0-403e-8DD8-394C54984B2C} -> C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2015-01-22] (Ask.com)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2015-01-19] (Yahoo! Inc.)
Toolbar: HKLM - Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2015-01-22] (Ask.com)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1408657331890
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-21] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-21] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-21] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{699C5A67-6797-44EF-A136-59809AC9D3BE}: [NameServer] 8.8.8.8,7.4.8.8
Tcpip\..\Interfaces\{699C5A67-6797-44EF-A136-59809AC9D3BE}: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default
FF Homepage: www.google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\user.js [2014-11-02]
FF SearchPlugin: C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\Astromenda.xml [2014-11-02]
FF SearchPlugin: C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\avira-safesearch.xml [2015-02-26]
FF Extension: Avira Browser Safety - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\[email protected](2).com [2015-07-02]
FF Extension: Ant Video Downloader - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\[email protected](2).com [2015-07-23]
FF Extension: Ant Video Downloader - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\[email protected] [2015-07-23]
FF Extension: Avira SafeSearch - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\[email protected] [2015-06-16]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) [2014-08-26]
FF HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-05]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [887128 2015-07-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [461672 2015-07-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [461672 2015-07-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-07-25] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [741376 2006-10-30] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-21] (Oracle Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2006-10-30] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [108448 2015-07-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136728 2015-07-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-05] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 cmpci; C:\WINDOWS\System32\drivers\cmaudio.sys [379726 2014-08-21] (C-Media Inc)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R3 HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [907456 2001-08-17] (Conexant)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [145952 2008-11-12] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S3 QCMerced; C:\WINDOWS\System32\DRIVERS\LVCM.sys [1317152 2005-05-27] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-06-10] (Avira Operations GmbH & Co. KG)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-26 10:27 - 2015-07-26 10:27 - 00026922 _____ C:\Documents and Settings\Wayne\My Documents\Farbar scan.txt
2015-07-26 10:23 - 2015-07-26 20:36 - 00000000 ____D C:\FRST
2015-07-21 21:22 - 2015-07-21 21:21 - 00000747 _____ C:\Documents and Settings\Wayne\My Documents\Shortcut to MIXER.lnk
2015-07-21 21:21 - 2015-07-21 21:21 - 00000747 _____ C:\Documents and Settings\Wayne\Desktop\Shortcut to MIXER.lnk
2015-07-20 23:11 - 2015-07-20 23:11 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\B&TFIMS
2015-07-16 17:38 - 2015-07-16 17:38 - 00002361 _____ C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
2015-07-16 17:38 - 2015-07-16 17:38 - 00002261 _____ C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
2015-07-16 17:38 - 2015-07-16 17:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Nero 7 Ultra Edition
2015-07-13 14:31 - 2015-07-13 14:31 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\Copy of B&TFIMS
2015-07-13 07:35 - 2015-07-13 07:35 - 00000293 _____ C:\Documents and Settings\Wayne\Desktop\Shortcut to Display.lnk
2015-07-11 10:39 - 2015-07-11 10:39 - 00006396 _____ C:\Documents and Settings\Wayne\My Documents\startup.txt
2015-07-05 17:20 - 2015-07-05 19:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-04 13:51 - 2015-02-16 19:25 - 10233665 _____ C:\Documents and Settings\Wayne\My Documents\The Browns Jim Ed Maxine and Bonnie - The Three Bells - YouTube.mp4
2015-07-04 13:50 - 2015-07-04 13:50 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\WMF SCHOOL PICS
2015-07-04 13:50 - 2015-07-04 13:50 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\TONDA'S WEDDING 29 June 1991
2015-07-04 13:50 - 2015-06-25 00:58 - 141180012 _____ C:\Documents and Settings\Wayne\My Documents\HISTORY OF CATHOLICISM part 2 of 2 - YouTube.mp4
2015-07-04 13:50 - 2015-06-24 23:52 - 178669868 _____ C:\Documents and Settings\Wayne\My Documents\HISTORY OF CATHOLICISM part 1 of 2 - YouTube.mp4
2015-07-04 13:50 - 2015-02-16 19:54 - 15857029 _____ C:\Documents and Settings\Wayne\My Documents\Homer & Jethro - San Antonio Rose-Battle Of Kookamonga - YouTube.mp4
2015-07-04 13:50 - 2015-02-16 19:48 - 09003442 _____ C:\Documents and Settings\Wayne\My Documents\Mac Wiseman - Wild Side of Life - YouTube.mp4
2015-07-04 13:50 - 2015-02-16 19:44 - 11144141 _____ C:\Documents and Settings\Wayne\My Documents\Mac Wiseman-The Letter Edged In Black 70s - YouTube.mp4
2015-07-04 13:50 - 2015-02-16 19:27 - 06703680 _____ C:\Documents and Settings\Wayne\My Documents\Mac Wiseman Jimmie Brown The Newsboy - YouTube.mp4
2015-07-04 13:50 - 2015-02-16 19:20 - 13965724 _____ C:\Documents and Settings\Wayne\My Documents\Jeannie Seely - Dont Touch Me - YouTube.mp4
2015-07-04 13:50 - 2015-02-16 19:02 - 31905199 _____ C:\Documents and Settings\Wayne\My Documents\Jean Shepard and Hawkshaw Hawkins - YouTube.mp4
2015-07-04 13:50 - 2015-02-16 18:44 - 18330438 _____ C:\Documents and Settings\Wayne\My Documents\FRANK SINATRA & ANTONIO CARLOS JOBIM Medley bossa nova 1967 - YouTube.mp4
2015-07-04 13:50 - 2015-01-18 21:43 - 460331812 _____ C:\Documents and Settings\Wayne\My Documents\Operation Overlord & Neptune D-Day documentary - YouTube.mp4
2015-07-04 13:46 - 2015-07-04 13:46 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\JOAN & WAYNE WEDDING 16 August 1986
2015-07-04 13:46 - 2015-07-04 13:46 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\FLASH DRIVE TEMPORARY STORAGE
2015-07-04 13:46 - 2015-07-04 13:46 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\COLLEEN'S ENGAGEMENT PARTY
2015-07-04 13:46 - 2015-07-04 13:46 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\BARN DEMOLITION
2015-07-04 13:42 - 2015-07-04 13:42 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\2015-06 (Jun)
2015-07-02 18:27 - 2015-07-02 18:27 - 00000731 _____ C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-07-02 18:27 - 2015-07-02 18:27 - 00000723 _____ C:\Documents and Settings\All Users\Desktop\HP Image Zone Express.lnk
2015-07-02 18:26 - 2015-07-02 18:26 - 00000984 _____ C:\Documents and Settings\All Users\Start Menu\HP Solution Center.lnk
2015-07-02 18:26 - 2015-07-02 18:26 - 00000984 _____ C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
2015-07-02 18:26 - 2015-07-02 18:26 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-07-02 18:25 - 2015-07-02 18:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-07-02 18:21 - 2015-07-02 18:28 - 00000000 ____D C:\Program Files\HP
2015-07-02 18:19 - 2015-07-02 18:28 - 00112886 _____ C:\WINDOWS\hpoins07.dat
2015-07-02 18:19 - 2005-05-24 03:52 - 00021124 ____N C:\WINDOWS\hpomdl07.dat
2015-07-02 17:16 - 2015-07-02 17:16 - 00000874 _____ C:\Documents and Settings\Wayne\Desktop\TreeSize Free.lnk
2015-07-02 17:16 - 2015-07-02 17:16 - 00000000 ____D C:\Program Files\JAM Software
2015-07-02 17:16 - 2015-07-02 17:16 - 00000000 ____D C:\Documents and Settings\Wayne\Application Data\JAM Software
2015-07-02 17:16 - 2015-07-02 17:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TreeSize Free

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-26 20:36 - 2014-08-20 21:59 - 00000000 ____D C:\Documents and Settings\Wayne\Local Settings\Temp
2015-07-26 20:28 - 2014-08-21 18:33 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{C0CFDEAB-609B-4932-A18D-FA7764138099}.job
2015-07-26 20:27 - 2014-10-10 18:27 - 00000414 _____ C:\WINDOWS\Tasks\At2.job
2015-07-26 20:26 - 2015-05-08 12:09 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-26 20:18 - 2014-09-14 07:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-26 17:26 - 2015-05-08 12:09 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-26 15:58 - 2004-08-04 09:00 - 00012984 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-26 15:57 - 2014-08-20 21:53 - 01995085 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-26 15:55 - 2014-08-23 23:53 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-26 15:55 - 2014-08-23 23:53 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-07-26 15:55 - 2014-08-21 19:24 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-26 15:55 - 2014-08-21 18:09 - 00201705 _____ C:\WINDOWS\system32\nvapps.xml
2015-07-26 15:55 - 2014-08-20 21:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-26 11:41 - 2014-08-20 21:58 - 00032640 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-25 19:01 - 2014-08-21 19:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-07-25 18:57 - 2014-08-21 19:53 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-07-25 18:57 - 2014-08-21 19:53 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-07-25 16:53 - 2014-11-08 00:11 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\My Maps
2015-07-25 16:47 - 2014-10-17 16:03 - 00000000 ____D C:\Documents and Settings\Wayne\Application Data\Skype
2015-07-24 12:25 - 2015-01-02 21:54 - 00500856 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-07-24 12:25 - 2014-09-02 12:19 - 02068326 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1343024091-2052111302-1177238915-1003-0.dat
2015-07-24 12:25 - 2014-09-02 12:19 - 00144230 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-07-24 11:28 - 2015-01-07 01:18 - 00000080 _____ C:\Documents and Settings\Wayne\default.pls
2015-07-24 11:28 - 2014-08-20 21:59 - 00000000 ____D C:\Documents and Settings\Wayne
2015-07-23 21:49 - 2014-08-20 21:58 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-07-23 21:49 - 2014-08-20 21:58 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-07-23 21:49 - 2014-08-20 21:51 - 00000000 ____D C:\WINDOWS\Registration
2015-07-23 14:34 - 2014-08-23 20:18 - 00000000 ____D C:\Documents and Settings\Wayne\Application Data\vlc
2015-07-23 14:26 - 2014-08-23 15:14 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2015-07-23 12:56 - 2014-09-19 12:58 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-07-23 12:10 - 2014-08-20 18:41 - 00000211 ___SH C:\boot.ini
2015-07-23 12:10 - 2004-08-04 09:00 - 00000562 _____ C:\WINDOWS\win.ini
2015-07-23 12:10 - 2004-08-04 09:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-07-21 21:26 - 2015-05-26 18:45 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\MY VIDEOS COLLECTION
2015-07-21 21:25 - 2014-08-26 22:02 - 00000000 ____D C:\Documents and Settings\Wayne\Application Data\Image Zone Express
2015-07-21 10:29 - 2014-08-31 18:44 - 00007356 _____ C:\Documents and Settings\Wayne\Desktop\ADDRESSES & PHONE NOS.txt
2015-07-20 23:38 - 2014-08-23 15:56 - 00000000 ____D C:\Documents and Settings\Wayne\Local Settings\Application Data\WMTools Downloaded Files
2015-07-20 23:26 - 2014-08-23 15:13 - 00040960 _____ C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-20 23:25 - 2015-02-06 23:45 - 00000000 ___RD C:\Documents and Settings\Wayne\My Documents\Dropbox
2015-07-18 11:41 - 2014-08-21 19:49 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-07-17 09:28 - 2014-08-26 11:03 - 00000000 ____D C:\Documents and Settings\Wayne\Desktop\PROGRAM PASSWORDS - E
2015-07-15 13:20 - 2014-08-21 20:16 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-15 13:20 - 2014-08-21 20:16 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-12 22:33 - 2015-01-05 16:39 - 00000151 _____ C:\WINDOWS\PhotoSnapViewer.INI
2015-07-09 11:11 - 2014-09-02 09:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-07-07 13:43 - 2014-08-21 19:53 - 00000000 ____D C:\Program Files\Avira
2015-07-06 09:22 - 2014-08-21 19:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-03 11:42 - 2014-10-01 09:42 - 00000000 ____D C:\Program Files\Recuva
2015-07-02 18:28 - 2014-08-24 18:55 - 00008061 _____ C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-07-02 18:23 - 2014-08-20 18:36 - 00000000 ____D C:\WINDOWS\twain_32
2015-07-01 09:35 - 2014-10-28 20:34 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\BILL PAYMENTS
2015-06-29 15:18 - 2014-08-30 19:18 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\DVD PROJECTS COMPLETED

==================== Files in the root of some directories =======

2014-08-25 21:04 - 2014-08-25 21:04 - 0000316 _____ () C:\Documents and Settings\Wayne\Application Data\aps.uninstall.scan.results
2014-09-29 20:55 - 2014-09-29 20:55 - 0000000 _____ () C:\Documents and Settings\Wayne\Application Data\Hewlett-PackardHP PSC 1400 series1409098626_API.log
2014-09-29 20:55 - 2014-10-18 22:47 - 0000891 _____ () C:\Documents and Settings\Wayne\Application Data\Hewlett-PackardHP PSC 1400 series1409098626_PROTOCOL.log
2014-09-29 20:55 - 2014-09-29 20:55 - 0000360 _____ () C:\Documents and Settings\Wayne\Application Data\Hewlett-PackardHP PSC 1400 series1409098626_UI.log
2014-09-27 22:02 - 2014-09-27 22:03 - 0002051 _____ () C:\Documents and Settings\Wayne\Application Data\HPSU_48BitScanUpdate.log
2014-09-27 22:02 - 2014-09-27 22:02 - 0030981 _____ () C:\Documents and Settings\Wayne\Application Data\Update_HP_RedboxHprblog_HPSU.log
2014-08-23 15:13 - 2015-07-20 23:26 - 0040960 _____ () C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Windows\Tasks\At2.job


Some files in TEMP:
====================
C:\Documents and Settings\Wayne\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Wayne\Local Settings\Temp\IadHide4.dll
C:\Documents and Settings\Wayne\Local Settings\Temp\jre-8u51-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================


  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know what problems remain after this?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SystweakASP] => /verysilent
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SearchProtection] => "C:\Documents and Settings\Wayne\Application Data\Search Protection\SearchProtection.EXE" /autostart
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [LDM] => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [20480 2014-10-27] (Logitech)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 - (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> DefaultScope {8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266} URL = http://astromenda.co...=1640802568&ir=
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266} URL = http://astromenda.co...=1640802568&ir=
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {E5B4158F-E345-4115-BE5A-4CE6C25171E2} URL = http://astromenda.co...=1234388902&ir=
BHO: Ask Search Assistant BHO -> {9CB65201-89C4-402c-BA80-02D8C59F9B1D} -> C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [2015-01-22] (Ask.com)
BHO: Ask Toolbar BHO -> {FE063DB1-4EC0-403e-8DD8-394C54984B2C} -> C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2015-01-22] (Ask.com)
Toolbar: HKLM - Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2015-01-22] (Ask.com)
FF user.js: detected! => C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\user.js [2014-11-02]
FF SearchPlugin: C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\Astromenda.xml [2014-11-02]
FF Extension: Ant Video Downloader - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\[email protected](2).com [2015-07-23]
FF Extension: Ant Video Downloader - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\[email protected] [2015-07-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-05]
2015-07-26 20:27 - 2014-10-10 18:27 - 00000414 _____ C:\WINDOWS\Tasks\At2.job
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{FB99D700-18B9-11D0-A4CF-00A024C91936}\InprocServer32 -> C:\Program Files\Common Files\Borland Shared\BDE\idsql32.dll ()
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{FB99D710-18B9-11D0-A4CF-00A024C91936}\InprocServer32 -> C:\Program Files\Common Files\Borland Shared\BDE\idapi32.dll ()
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\Wayne\APPLIC~1\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""
C:\Documents and Settings\Wayne\Application Data\Search Protection
C:\Program Files\AskTBar
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





