
Startup Menu File Missing, Desktop with no taskbar, icons, or start bu



#1
waynf


This morning I noticed on Start that "My Music" was missing.  When I went to My Documents>My Music and right-clicked, "Pin to Start Menu" doesn't appear on the dropdown menu.  I did a System Restore but that didn't solve it.

I tried doing a system restore, but the PC crashed, leaving me with the desktop background with no Start Button, Taskbar icons.  I then did a "Start" and while it was loading I shut power off behind the tower.  Nothing happened.  I repeated the operation and the desktop came back to normal; however, I found no solution to the missing "My Music" in the area designated as "My Documents", "Recent Documents", "My Pictures", "My Computer".  Any ideas as to what is going on?




#2
RKinner

Odds are your hard drive has some problems:
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
Reboot. 
 
The disk check will run and will probably take an hour or more to finish.
 
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
Ron
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 


#3
waynf


In following your instructions, after I Run>eventvwr.msc>OK>Right click on System and Clear All Events, I get a dialogue box which says "Do you want to save "System" before clearing it?"  What should be my answer in this box?



#4
RKinner


No, we don't want to save the logs.



#5
waynf


Thanks



#6
waynf


Sorry for the delay; my wireless server was down intermittently.

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 10/08/2016 6:34:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/08/2016 6:27:00 PM
Type: error Category: 0
Event: 7901 Source: Schedule
The At2.job command failed to start due to the following error:  %%2147942403

Log: 'System' Date/Time: 10/08/2016 5:27:00 PM
Type: error Category: 0
Event: 7901 Source: Schedule
The At2.job command failed to start due to the following error:  %%2147942403

Log: 'System' Date/Time: 10/08/2016 4:27:00 PM
Type: error Category: 0
Event: 7901 Source: Schedule
The At2.job command failed to start due to the following error:  %%2147942403

Log: 'System' Date/Time: 10/08/2016 3:27:00 PM
Type: error Category: 0
Event: 7901 Source: Schedule
The At2.job command failed to start due to the following error:  %%2147942403

Log: 'System' Date/Time: 10/08/2016 2:27:00 PM
Type: error Category: 0
Event: 7901 Source: Schedule
The At2.job command failed to start due to the following error:  %%2147942403

Log: 'System' Date/Time: 10/08/2016 2:10:54 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.  

Log: 'System' Date/Time: 10/08/2016 2:10:54 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Log: 'System' Date/Time: 10/08/2016 2:10:54 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.  

Log: 'System' Date/Time: 10/08/2016 2:10:54 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

Log: 'System' Date/Time: 10/08/2016 2:10:54 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.  

Log: 'System' Date/Time: 10/08/2016 2:10:54 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#7
waynf


Vino's Event Viewer v01c run on Windows XP in English
Report run at 10/08/2016 6:38:19 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/08/2016 1:14:49 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user WAYNE-6A7649B9E\Wayne registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
 



#8
RKinner


Looks like malware.  Going to have this topic moved to the malware forum.  

 

 
 
  • Get FRST from
  • You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


    #9
    waynf


    Do you want me to continue with http://live.sysinternals.com/procexp.exe?



    #10
    waynf


    Regarding FRST, should only the Addition.txt box be checked?




    #11
    RKinner


    Yes, just check the Addition.txt box.  You can also run Process Explorer.



    #12
    waynf


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-08-2016 01
    Ran by Wayne (2016-08-11 12:26:08)
    Running from C:\Documents and Settings\Wayne\My Documents\Dropbox
    Microsoft Windows XP Professional Service Pack 3 (X86) (2014-08-21 00:57:20)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1343024091-2052111302-1177238915-500 - Administrator - Enabled)
    Guest (S-1-5-21-1343024091-2052111302-1177238915-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
    HelpAssistant (S-1-5-21-1343024091-2052111302-1177238915-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1343024091-2052111302-1177238915-1002 - Limited - Disabled)
    Wayne (S-1-5-21-1343024091-2052111302-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Wayne

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    1400 (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    1400_Help (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    1400Trb (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
    Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    AiO_Scan (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG)
    Avira Launcher (HKLM\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
    Avira Launcher (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.)
    Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
    CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    dBpoweramp Music Converter (HKLM\...\dBpoweramp Music Converter) (Version: Release 16.0 - Illustrate)
    Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden
    Download &amp; Install Packages (HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Download &amp; Install Packages) (Version:  - ) <==== ATTENTION
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Fax (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
    HP Extended Capabilities 5.3 (HKLM\...\HPExtendedCapabilities) (Version: 5.3 - HP)
    HP Image Zone Express (HKLM\...\{FE64AE29-0883-4C70-8388-DC026019C900}) (Version: 1.5.1.29 - Hewlett-Packard)
    HP Imaging Device Functions 5.3 (HKLM\...\HP Imaging Device Functions) (Version: 5.3 - HP)
    HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version:  - HP)
    HP Solution Center & Imaging Support Tools 5.3 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.3 - HP)
    HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    K-Lite Codec Pack 12.2.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 12.2.5 - KLCP)
    Ledger (HKLM\...\{0984EA04-EB2C-4AC4-BD0B-94115A48C19E}) (Version: 1.10.0.0 - Responsive Software Limited)
    Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version:  - )
    Logitech Print Service (HKLM\...\Logitech Print Service) (Version:  - )
    Logitech QuickCam Software (HKLM\...\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}) (Version: 8.47.0000 - Logitech, Inc.)
    Logitech® Camera Driver (HKLM\...\QcDrv) (Version:  - )
    MarketResearch (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
    Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.0 (HKLM\...\Microsoft .NET Framework 3.0) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft DirectX Transform optional components (HKLM\...\DXTXTRA) (Version:  - )
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 48.0 (x86 en-US) (HKLM\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 48.0.0.6051 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
    MyHeritage Family Tree Builder (HKLM\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
    Nero 7 Ultra Edition (HKLM\...\{A20A58C4-6784-4B4B-86CC-94E2E3671033}) (Version: 7.02.8637 - Nero AG)
    NewCopy (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
    PCI Audio Applications (HKLM\...\PCI Audio Applications) (Version:  - )
    PCI Audio Driver (HKLM\...\PCI Audio Driver) (Version:  - )
    ProductContext (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    Readme (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
    ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden
    Skype™ 6.18 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.18.106 - Skype Technologies S.A.)
    SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
    Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
    Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    Unload (Version: 5.0.0 - Hewlett-Packard) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
    Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Wayne\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
    CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Wayne\Application Data\Dropbox\bin\Dropbox.exe /wiacallback => No File
    CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{FB99D700-18B9-11D0-A4CF-00A024C91936}\InprocServer32 -> C:\Program Files\Common Files\Borland Shared\BDE\idsql32.dll ()
    CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{FB99D710-18B9-11D0-A4CF-00A024C91936}\InprocServer32 -> C:\Program Files\Common Files\Borland Shared\BDE\idapi32.dll ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\Wayne\APPLIC~1\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\klcp_update.job => CMD /C sc create KLCPU binPath CMD /V /C SET \FILE \ ProgramFiles \ Lite Codec Pack Tools CodecTweakTool exe\\ IF EXIST FILE START \CTT\ FILE /verysilent /update /freq 30 type own type interact net start KLCPU sc delete KLCPU CMD Wayne
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C0CFDEAB-609B-4932-A18D-FA7764138099}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-09-27 18:46 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-09-27 18:46 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-09-27 18:46 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-10-27 21:51 - 2014-10-27 21:51 - 00049152 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll
    2014-10-27 21:51 - 2014-10-27 21:51 - 00020480 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
    2014-10-27 21:51 - 2014-10-27 21:51 - 00143360 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWfiles.dll
    2014-10-27 21:51 - 2014-10-27 21:51 - 00020480 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll
    2014-10-27 21:51 - 2014-10-27 21:51 - 00114688 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwscriptext.dll
    2015-01-03 17:00 - 2013-10-03 11:42 - 00069120 _____ () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
    2015-01-03 17:00 - 2013-10-03 11:42 - 00112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
    2008-04-14 05:42 - 2013-01-02 03:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)



    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-08-04 09:00 - 2016-05-11 13:51 - 00000763 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1       localhost
    0.0.0.1    mssplus.mcafee.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Wayne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.0.1
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: C-Media Mixer => Mixer.exe /startup
    MSCONFIG\startupreg: C-Media Speaker Configuration => C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    MSCONFIG\startupreg: MSMSGS => "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Talk\googletalk.exe] => Enabled:Google Talk
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
    StandardProfile\AuthorizedApplications: [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe] => Enabled:Logitech Desktop Messenger
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
    StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe] => Enabled:hpqcopy.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe] => Enabled:hpfccopy.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe] => Enabled:hpqphunl.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe] => Enabled:hpqdia.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

    ==================== Restore Points =========================

    08-08-2016 20:57:17 System Checkpoint
    10-08-2016 12:34:31 System Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (08/11/2016 12:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At2.job command failed to start due to the following error:
    %%2147942403 = The system cannot find the path specified.

    Error: (08/11/2016 11:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At2.job command failed to start due to the following error:
    %%2147942403 = The system cannot find the path specified.

    Error: (08/11/2016 10:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At2.job command failed to start due to the following error:
    %%2147942403 = The system cannot find the path specified.

    Error: (08/11/2016 09:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At2.job command failed to start due to the following error:
    %%2147942403 = The system cannot find the path specified.

    Error: (08/11/2016 08:56:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.

    Error: (08/11/2016 08:56:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (08/11/2016 08:56:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.

    Error: (08/11/2016 08:56:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (08/11/2016 08:56:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.

    Error: (08/11/2016 08:56:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.


    ==================== Memory info ===========================

    Processor: AMD Sempron™ Processor 3000+
    Percentage of memory in use: 74%
    Total physical RAM: 958.42 MB
    Available physical RAM: 240.74 MB
    Total Virtual: 3754.49 MB
    Available Virtual: 2666.63 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.53 GB) (Free:29.17 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: F80BF80B)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-08-2016 01
    Ran by Wayne (administrator) on WAYNE-6A7649B9E (11-08-2016 12:22:58)
    Running from C:\Documents and Settings\Wayne\My Documents\Dropbox
    Loaded Profiles: Wayne (Available Profiles: Wayne & Guest)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (All) =========================

    (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
    (Microsoft Corporation) C:\WINDOWS\system32\csrss.exe
    (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
    (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
    (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
    (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
    (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
    (Microsoft Corporation) C:\WINDOWS\explorer.exe
    (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    (Logitech Inc.) C:\WINDOWS\system32\LVCOMSX.EXE
    (Logitech Inc.) C:\Program Files\Logitech\Video\LogiTray.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (Logitech Inc.) C:\Program Files\Logitech\Video\FxSvr2.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (MyHeritage) C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
    (Microsoft Corporation) C:\WINDOWS\system32\ctfmon.exe
    (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (HP) C:\WINDOWS\system32\HPZipm12.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    (Microsoft Corporation) C:\WINDOWS\system32\alg.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
    (Microsoft Corporation) C:\WINDOWS\system32\msdtc.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Farbar) C:\Documents and Settings\Wayne\My Documents\Dropbox\FRST.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\wmiprvse.exe

    ==================== Registry (All) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [831064 2016-08-08] (Avira Operations GmbH & Co. KG)
    HKLM\...\Run: [LVCOMSX] => C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-19] (Logitech Inc.)
    HKLM\...\Run: [LogitechVideoRepair] => C:\Program Files\Logitech\Video\ISStart.exe [458752 2005-06-08] (Logitech Inc.)
    HKLM\...\Run: [LogitechVideoTray] => C:\Program Files\Logitech\Video\LogiTray.exe [217088 2005-06-08] (Logitech Inc.)
    HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
    HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [Family Tree Builder Update] => C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2477056 2015-03-02] (MyHeritage)
    HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
    HKLM\...\Winlogon: [Userinit] C:\WINDOWS\System32\Userinit.exe, [26112 2008-04-14] (Microsoft Corporation)
    HKLM\...\Winlogon: [Shell] explorer.exe [1033728 2008-04-14] (Microsoft Corporation)
    HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
    Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\dimsntfy: C:\WINDOWS\System32\dimsntfy.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\WgaLogon: C:\WINDOWS\system32\WgaLogon.dll [2009-03-10] (Microsoft Corporation)
    Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    HKU\S-1-5-19\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
    HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    HKU\S-1-5-20\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SystweakASP] => /verysilent
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SearchProtection] => "C:\Documents and Settings\Wayne\Application Data\Search Protection\SearchProtection.EXE" /autostart
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [LDM] => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [20480 2014-10-27] (Logitech)
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [LogitechSoftwareUpdate] => C:\Program Files\Logitech\Video\ManifestEngine.exe [196608 2005-06-08] (Logitech Inc.)
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\CurrentVersion\Windows: [Run]   <===== ATTENTION
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
    HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
    Lsa: [Authentication Packages] msv1_0
    Lsa: [Notification Packages] scecli
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
    SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
    ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS\System32\cscui.dll [2008-04-14] (Microsoft Corporation)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-07-02]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-01-03]
    ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk [2014-10-27]
    ShortcutTarget: Logitech Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-06-27]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
    BootExecute: autocheck autochk *
    AlternateShell: cmd.exe

    ==================== Internet (All) ===========================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Winsock: Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896 2008-04-14] (Microsoft Corporation)
    Winsock: Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Winsock: Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Winsock: Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Winsock: Catalog9 06 C:\WINDOWS\system32\rsvpsp.dll [92672 2008-04-14] (Microsoft Corporation)
    Winsock: Catalog9 07 C:\WINDOWS\system32\rsvpsp.dll [92672 2008-04-14] (Microsoft Corporation)
    Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Winsock: Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Winsock: Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Winsock: Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Winsock: Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Winsock: Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Winsock: Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Winsock: Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{2D98C928-558B-4F90-989D-BAC157AE0070}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_tb
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
    URLSearchHook: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
    URLSearchHook: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 - (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL No File
    URLSearchHook: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
    SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> DefaultScope {8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_41_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCzytB0FyDtB0F0A0FyCyCtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0A0D0DzzyD0C0AtGtD0ByDtDtG0C0ByEzytGtAzz0F0EtGtAzyyEtC0CtD0EzztAtA0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBzz0A0CyE0AzytG0D0CzyzytGyEyB0CyDtG0Azy0EzytG0ByByBtCtC0CyDtCtAtA0E0D2Q&cr=1640802568&ir=
    SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {18FB97BB-B194-4ADD-A0C8-2F72BF8A03F8} URL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_41_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCzytB0FyDtB0F0A0FyCyCtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0A0D0DzzyD0C0AtGtD0ByDtDtG0C0ByEzytGtAzz0F0EtGtAzyyEtC0CtD0EzztAtA0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBzz0A0CyE0AzytG0D0CzyzytGyEyB0CyDtG0Azy0EzytG0ByByBtCtC0CyDtCtAtA0E0D2Q&cr=1640802568&ir=
    SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {E5B4158F-E345-4115-BE5A-4CE6C25171E2} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCzytB0FyDtB0F0A0FyCyCtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtA0FyE0EtDtAyCtGzz0AyEtCtGtD0B0BzztGzz0Fzz0CtGyBtDtB0AtB0B0C0CyBtA0Azy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0ByBtB0CyCtGyDtD0CtDtGyEyE0EyBtG0ByEtBtBtGzyyEtD0C0A0Dzz0AtA0FtCtD2Q&cr=1234388902&ir=
    BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll [2016-05-24] (Yahoo! Inc.)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-21] (Oracle Corporation)
    BHO: Ask Search Assistant BHO -> {9CB65201-89C4-402c-BA80-02D8C59F9B1D} -> C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL => No File
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)
    BHO: Ask Toolbar BHO -> {FE063DB1-4EC0-403e-8DD8-394C54984B2C} -> C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL => No File
    Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll [2016-05-24] (Yahoo! Inc.)
    Toolbar: HKLM - Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL No File
    Toolbar: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1408657331890
    Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2014-04-30] (Microsoft Corporation)
    Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
    Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
    Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
    Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
    Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
    Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
    Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
    Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
    Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll [2008-04-14] (Microsoft Corporation)
    Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2014-04-30] (Microsoft Corporation)
    Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
    Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2014-04-30] (Microsoft Corporation)
    Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll [2011-10-10] (Microsoft Corporation)
    Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
    Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2013-09-25] (Microsoft Corporation)
    Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll [2008-04-14] (Microsoft Corporation)
    Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
    Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
    Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2014-04-30] (Microsoft Corporation)
    Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll [2014-04-30] (Microsoft Corporation)
    Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
    Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2014-04-30] (Microsoft Corporation)
    Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll [2008-04-14] (Microsoft Corporation)
    Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)
    Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)
    Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)
    Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
    Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
    Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
    Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL [2009-02-26] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default
    FF DefaultSearchEngine.US: Avira SafeSearch
    FF Homepage:  www.google.ca
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\user.js [2014-11-02]
    FF SearchPlugin: C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\Astromenda.xml [2014-11-02]
    FF SearchPlugin: C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\avira-safesearch-1.xml [2015-11-30]
    FF SearchPlugin: C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\avira-safesearch.xml [2015-11-18]
    FF Extension: Ant Video Downloader - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\[email protected] [2016-06-28]
    FF Extension: Video AdBlock - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} [2016-07-19]
    FF Extension: Avira Browser Safety - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\[email protected](2).com [2015-07-02] [not signed]
    FF Extension: Ant Video Downloader - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\[email protected](2).com [2015-07-23] [not signed]
    FF Extension: Avira SafeSearch - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\[email protected] [2016-06-11]
    FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) [2014-08-26] [not signed]
    FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-08-02] [not signed]
    FF HKLM\...\Mozilla Firefox 48.0\Extensions: [Components] - C:\Program Files\Mozilla Firefox\components => not found
    FF HKLM\...\Mozilla Firefox 48.0\Extensions: [Plugins] - C:\Program Files\Mozilla Firefox\plugins => not found
    StartMenuInternet: FIREFOX.EXE - "C:\Program Files\Mozilla Firefox\firefox.exe"
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\channel-prefs.js [2014-07-17]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx

    ==================== Services (All) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [270016 2016-07-14] (Adobe Systems Incorporated)
    S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
    R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
    S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [970632 2016-08-08] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [472112 2016-08-08] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [472112 2016-08-08] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1251840 2016-08-08] (Avira Operations GmbH & Co. KG)
    R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744 2015-01-19] (Apple Inc.)
    S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
    S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
    R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
    R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
    R3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
    R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
    S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
    S4 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
    S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
    S4 clr_optimization_v2.0.50727_32; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
    S2 clr_optimization_v4.0.30319_32; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
    R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
    R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
    R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
    S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
    S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
    R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
    S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
    S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
    R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
    R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
    R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
    R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
    S3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [36864 2006-10-20] (Microsoft Corporation)
    S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-05-08] (Google Inc.)
    S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-05-08] (Google Inc.)
    S3 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
    R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
    S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
    S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
    S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [741376 2006-10-30] (Microsoft Corporation) [File not signed]
    S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
    R3 iPod Service; C:\Program Files\iPod\bin\iPodService.exe [540968 2015-04-07] (Apple Inc.)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-21] (Oracle Corporation)
    R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
    R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
    S4 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)
    S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
    S4 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
    S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [146888 2016-08-02] (Mozilla Foundation)
    R3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
    S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
    S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
    S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [792112 2007-04-13] (Nero AG)
    S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
    S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
    S4 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
    S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2006-10-30] (Microsoft Corporation) [File not signed]
    R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
    R3 NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
    S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
    S2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [163908 2009-01-16] (NVIDIA Corporation)
    S3 odserv; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
    S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
    R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
    R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
    R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
    S4 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
    S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
    S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
    S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
    R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
    S4 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation)
    R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    S4 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
    R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
    S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
    R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
    R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
    R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
    R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
    R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
    R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
    R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
    S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
    R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
    R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
    R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
    S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
    S3 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
    S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
    S4 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
    S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
    S4 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
    R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
    R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
    S4 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
    S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
    S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
    S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
    R3 WPFFontCache_v0400; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-07-20] (Microsoft Corporation)
    R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
    R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
    S3 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
    R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)
    S4 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
    R2 YahooAUService; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392 2008-11-09] (Yahoo! Inc.)
    R3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{00157407-506A-43C8-ABED-0F6E896D2261}

    ==================== Drivers (All) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)
    S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation)
    S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
    R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
    S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation)
    R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
    S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
    R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
    R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [115600 2016-08-08] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [140272 2016-08-08] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-05] (Avira Operations GmbH & Co. KG)
    R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation)
    S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation)
    R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation)
    R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation)
    R3 cmpci; C:\WINDOWS\System32\drivers\cmaudio.sys [379726 2014-08-21] (C-Media Inc)
    R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
    S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
    R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
    R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.)
    S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation)
    S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation)
    R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)
    R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation)
    R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
    R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation)
    R0 FltMgr; C:\WINDOWS\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation)
    U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation)
    R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation)
    R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
    R3 GEARAspiWDM; C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys [26840 2012-08-21] (GEAR Software Inc.)
    R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
    R3 HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [907456 2001-08-17] (Conexant)
    R3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
    R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
    R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
    R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
    R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
    R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation)
    R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
    S3 Ip6Fw; C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation)
    S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation)
    S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
    R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)
    R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
    S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation)
    R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
    R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation)
    S1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation)
    S3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation)
    R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
    R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
    R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation)
    R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation)
    R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation)
    R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2004-08-04] (Microsoft Corporation)
    R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
    R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation)
    R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
    R1 Msfs; C:\WINDOWS\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
    S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation)
    S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation)
    S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation)
    R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation)
    S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2008-04-14] (Microsoft Corporation)
    R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
    S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
    R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
    R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation)
    R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation)
    R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
    R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation)
    R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation)
    R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation)
    R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation)
    R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation)
    R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [12648960 2013-02-08] (NVIDIA Corporation)
    R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
    R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [145952 2008-11-12] (NVIDIA Corporation)
    R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
    S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation)
    S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation)
    S3 Parport; C:\WINDOWS\system32\Drivers\Parport.sys [80128 2008-04-14] (Microsoft Corporation)
    R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
    S2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation)
    R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
    R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2004-08-04] (Microsoft Corporation)
    S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)
    R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation)
    R1 Processor; C:\WINDOWS\System32\DRIVERS\processr.sys [35840 2008-04-14] (Microsoft Corporation)
    R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
    R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.)
    S3 QCMerced; C:\WINDOWS\System32\DRIVERS\LVCM.sys [1317152 2005-05-27] ()
    R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation)
    R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation)
    R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation)
    R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation)
    R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation)
    R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation)
    R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-14] (Microsoft Corporation)
    S3 RDPWD; C:\WINDOWS\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
    R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
    S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    S2 Serial; C:\WINDOWS\system32\Drivers\Serial.sys [64512 2008-04-14] (Microsoft Corporation)
    S1 Sfloppy; C:\WINDOWS\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)
    S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
    S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation)
    R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
    R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
    R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-06-10] (Avira Operations GmbH & Co. KG)
    S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
    R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation)
    S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation)
    R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation)
    R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
    S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
    S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
    R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
    S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)
    R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
    S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2014-08-15] (Apple, Inc.)
    S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation)
    R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)
    R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
    R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
    R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17152 2008-04-14] (Microsoft Corporation)
    R3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-14] (Microsoft Corporation)
    R3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)
    S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)
    R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation)
    R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)
    R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation)
    R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation)
    U3 Winsock; no ImagePath
    S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
    S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
    S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
    S4 Abiosdsk; no ImagePath
    S4 abp480n5; no ImagePath
    S4 adpu160m; no ImagePath
    S4 Aha154x; no ImagePath
    S4 aic78u2; no ImagePath
    S4 aic78xx; no ImagePath
    S4 AliIde; no ImagePath
    S4 amsint; no ImagePath
    S4 asc; no ImagePath
    S4 asc3350p; no ImagePath
    S4 asc3550; no ImagePath
    S4 Atdisk; no ImagePath
    S4 cd20xrnt; no ImagePath
    S1 Changer; no ImagePath
    S4 CmdIde; no ImagePath
    S4 Cpqarray; no ImagePath
    U4 dac2w2k; no ImagePath
    S4 dac960nt; no ImagePath
    S4 dpti2o; no ImagePath
    S4 hpn; no ImagePath
    S1 i2omgmt; no ImagePath
    S4 i2omp; no ImagePath
    S4 ini910u; no ImagePath
    S4 IntelIde; no ImagePath
    S1 lbrtfdc; no ImagePath
    S4 mraid35x; no ImagePath
    S1 PCIDump; no ImagePath
    S3 PDCOMP; no ImagePath
    S3 PDFRAME; no ImagePath
    S3 PDRELI; no ImagePath
    S3 PDRFRAME; no ImagePath
    S4 perc2; no ImagePath
    S4 perc2hib; no ImagePath
    S4 ql1080; no ImagePath
    S4 Ql10wnt; no ImagePath
    S4 ql12160; no ImagePath
    S4 ql1240; no ImagePath
    S4 ql1280; no ImagePath
    S4 Simbad; no ImagePath
    S4 Sparrow; no ImagePath
    S4 symc810; no ImagePath
    S4 symc8xx; no ImagePath
    S4 sym_hi; no ImagePath
    S4 sym_u3; no ImagePath
    S4 TosIde; no ImagePath
    S4 ultra; no ImagePath
    S4 ViaIde; no ImagePath
    S3 WDICA; no ImagePath
    U1 WS2IFSL; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-10 19:08 - 2016-08-10 19:08 - 00187179 _____ C:\Documents and Settings\Wayne\My Documents\WAYNE-6A7649B9E Speccy Scan.txt
    2016-08-10 18:59 - 2016-08-10 18:59 - 00187223 _____ C:\Documents and Settings\Wayne\Desktop\WAYNE-6A7649B9E.txt
    2016-08-10 18:56 - 2016-08-10 18:56 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
    2016-08-10 18:56 - 2016-08-10 18:56 - 00000000 ____D C:\Program Files\Speccy
    2016-08-10 18:56 - 2016-08-10 18:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
    2016-08-10 18:53 - 2016-08-10 18:53 - 00000869 _____ C:\Documents and Settings\Wayne\My Documents\VEW Application.txt
    2016-08-10 18:45 - 2016-08-10 18:46 - 00000000 ____D C:\Program Files\GUM70.tmp
    2016-08-10 18:37 - 2016-08-10 18:37 - 00002813 _____ C:\Documents and Settings\Wayne\My Documents\VEW Error and System.txt
    2016-08-10 18:34 - 2016-08-10 18:38 - 00000869 _____ C:\VEW.txt
    2016-08-10 18:18 - 2016-08-10 18:16 - 00061440 _____ ( ) C:\Documents and Settings\Wayne\Desktop\VEW(1).exe
    2016-08-10 08:43 - 2016-08-10 08:43 - 00000293 _____ C:\Documents and Settings\Wayne\Desktop\Shortcut (2) to Display.lnk
    2016-08-09 21:16 - 2016-08-09 22:12 - 00000000 ____D C:\Documents and Settings\Wayne\Desktop\DROPBOX IV
    2016-08-09 21:12 - 2016-08-09 21:12 - 00000744 _____ C:\Documents and Settings\Wayne\Desktop\Shortcut to FILES SUPPORTED BY WINDOWS MOVIE MAKER AND NERO.lnk
    2016-08-02 22:29 - 2016-08-02 23:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-07-28 13:08 - 2016-07-28 13:08 - 00000000 ____D C:\Documents and Settings\Wayne\Desktop\MY MUSIC
    2016-07-28 10:43 - 2016-07-28 10:43 - 00000430 _____ C:\Documents and Settings\Wayne\Desktop\Shortcut to MY MUSIC.lnk
    2016-07-27 23:35 - 2016-07-27 23:35 - 00008915 _____ C:\Documents and Settings\Wayne\My Documents\Audio1 WHEN YOU GO BACK TO HIM 2016a.nra
    2016-07-27 16:36 - 2016-07-27 16:36 - 00000000 ____D C:\Program Files\Responsive Software
    2016-07-27 16:36 - 2016-07-27 16:36 - 00000000 ____D C:\Program Files\Common Files\Borland Shared
    2016-07-27 16:36 - 2016-07-27 16:36 - 00000000 ____D C:\Documents and Settings\Wayne\Start Menu\Programs\Responsive Software
    2016-07-26 20:26 - 2016-07-26 20:26 - 00000217 _____ C:\Documents and Settings\Wayne\My Documents\Audio1 WHEN YOU GO BACK TO HIM 2016.nra
    2016-07-26 00:45 - 2016-07-26 00:43 - 00152600 _____ C:\Documents and Settings\Wayne\Desktop\NeroBurningRom_Enu.zip
    2016-07-25 20:59 - 2016-07-25 20:59 - 00000821 _____ C:\Documents and Settings\Wayne\Desktop\dBpoweramp.lnk
    2016-07-25 20:58 - 2016-07-25 20:58 - 00000000 ____D C:\Program Files\SpoonUninstall
    2016-07-25 20:58 - 2016-07-25 20:58 - 00000000 ____D C:\Program Files\Illustrate
    2016-07-25 20:58 - 2016-07-25 20:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\dBpoweramp
    2016-07-25 18:47 - 1994-12-31 21:35 - 00000044 _____ C:\Documents and Settings\Wayne\My Documents\Track07 Walk Away Waltze.cda
    2016-07-25 18:46 - 1994-12-31 21:31 - 00000044 _____ C:\Documents and Settings\Wayne\My Documents\Track06 You're All That's Left of Me.cda
    2016-07-25 18:45 - 1994-12-31 21:27 - 00000044 _____ C:\Documents and Settings\Wayne\My Documents\Track05 She's Not Looking Now.cda
    2016-07-25 18:42 - 1994-12-31 21:20 - 00000044 _____ C:\Documents and Settings\Wayne\My Documents\Track04 There's No Coming Back in Your Heart.cda
    2016-07-25 18:41 - 1994-12-31 21:09 - 00000044 _____ C:\Documents and Settings\Wayne\My Documents\Track02 I Know You're Married.cda
    2016-07-25 18:38 - 1994-12-31 21:16 - 00000044 _____ C:\Documents and Settings\Wayne\My Documents\Track03 I Can't.cda
    2016-07-25 18:36 - 1994-12-31 21:00 - 00000044 _____ C:\Documents and Settings\Wayne\My Documents\The Shoes He Left Behind.cda
    2016-07-25 18:35 - 2016-07-25 20:19 - 00000000 ____D C:\Documents and Settings\Wayne\Desktop\Songs for CD Revisited
    2016-07-25 18:30 - 2016-07-28 00:18 - 00000000 ____D C:\Documents and Settings\Wayne\Application Data\MPC-HC
    2016-07-25 08:58 - 2016-07-25 08:58 - 00000749 _____ C:\Documents and Settings\Wayne\Desktop\Shortcut to The Letter Edged in Black and other songs for CD.lnk
    2016-07-20 15:53 - 2016-07-20 15:53 - 00084992 _____ C:\Documents and Settings\Wayne\Desktop\TWINK WITH BUTTPLUG.MSWMM
    2016-07-19 13:56 - 2016-08-10 22:54 - 00012288 _____ C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-07-19 13:49 - 2016-07-19 13:49 - 00000658 _____ C:\WINDOWS\Tasks\klcp_update.job
    2016-07-19 09:30 - 2016-07-19 09:30 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\Downloads II
    2016-07-18 16:50 - 2016-08-10 23:26 - 00000000 ____D C:\Documents and Settings\Wayne\Desktop\DROPBOX III
    2016-07-18 08:49 - 2016-08-05 10:31 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\Dropbox II
    2016-07-14 09:20 - 2016-07-14 09:20 - 19527360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2016-07-12 22:25 - 2016-07-25 22:13 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\MY MUSIC

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-11 12:24 - 2015-05-08 12:09 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-08-11 12:23 - 2014-08-20 21:59 - 00000000 ____D C:\Documents and Settings\Wayne\Local Settings\Temp
    2016-08-11 12:22 - 2015-07-26 10:23 - 00000000 ____D C:\FRST
    2016-08-11 12:22 - 2015-02-06 23:45 - 00000000 ___RD C:\Documents and Settings\Wayne\My Documents\Dropbox
    2016-08-11 12:18 - 2014-09-14 07:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-08-11 12:10 - 2014-08-21 18:33 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{C0CFDEAB-609B-4932-A18D-FA7764138099}.job
    2016-08-11 11:27 - 2014-10-10 18:27 - 00000414 _____ C:\WINDOWS\Tasks\At2.job
    2016-08-11 10:20 - 2014-08-23 20:18 - 00000000 ____D C:\Documents and Settings\Wayne\Application Data\vlc
    2016-08-11 10:00 - 2014-08-20 21:59 - 00000000 ___RD C:\Documents and Settings\Wayne\My Documents\My Pictures
    2016-08-11 09:14 - 2014-09-19 12:58 - 00000000 ____D C:\WINDOWS\system32\NtmsData
    2016-08-11 09:09 - 2014-08-20 21:51 - 00000000 ____D C:\WINDOWS\Registration
    2016-08-11 08:58 - 2004-08-04 09:00 - 00012984 _____ C:\WINDOWS\system32\wpa.dbl
    2016-08-11 08:55 - 2015-09-27 18:48 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
    2016-08-11 08:54 - 2015-05-08 12:09 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-08-11 08:54 - 2014-08-21 19:24 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2016-08-11 08:54 - 2014-08-20 21:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-08-11 00:39 - 2015-12-18 00:13 - 01065936 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2016-08-11 00:39 - 2014-08-20 21:58 - 00032614 _____ C:\WINDOWS\SchedLgU.Txt
    2016-08-11 00:38 - 2014-09-02 12:19 - 00222918 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2016-08-11 00:38 - 2014-08-20 21:59 - 00000178 ___SH C:\Documents and Settings\Wayne\ntuser.ini
    2016-08-11 00:38 - 2014-08-20 21:59 - 00000000 ____D C:\Documents and Settings\Wayne
    2016-08-10 23:34 - 2014-08-23 15:14 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
    2016-08-10 22:40 - 2014-08-23 17:53 - 00000000 ____D C:\Documents and Settings\Wayne\Desktop\Ant Videos
    2016-08-10 22:28 - 2014-08-23 15:56 - 00000000 ____D C:\Documents and Settings\Wayne\Local Settings\Application Data\WMTools Downloaded Files
    2016-08-10 20:02 - 2014-09-02 12:19 - 03057200 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1343024091-2052111302-1177238915-1003-0.dat
    2016-08-10 19:08 - 2014-08-20 21:59 - 00000000 ___RD C:\Documents and Settings\Wayne\My Documents
    2016-08-10 18:46 - 2014-10-10 19:49 - 00000000 ____D C:\Program Files\Google
    2016-08-09 20:22 - 2015-01-05 16:39 - 00000151 _____ C:\WINDOWS\PhotoSnapViewer.INI
    2016-08-08 18:39 - 2014-09-02 09:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
    2016-08-08 18:31 - 2014-08-21 19:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    2016-08-08 18:16 - 2014-08-21 19:53 - 00140272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
    2016-08-08 18:16 - 2014-08-21 19:53 - 00115600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
    2016-08-08 15:00 - 2014-08-21 19:24 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2016-08-03 20:58 - 2014-10-28 20:34 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\BILL PAYMENTS
    2016-08-03 10:02 - 2014-08-21 19:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-08-03 00:36 - 2015-09-27 18:48 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2016-08-01 20:51 - 2014-08-20 18:36 - 00000000 ____D C:\WINDOWS\Network Diagnostic
    2016-07-31 13:26 - 2014-10-03 18:47 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\GEEKS TO GO ANSWERS
    2016-07-28 13:09 - 2015-02-05 21:35 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\CD PROJECTS COMPLETED
    2016-07-28 10:18 - 2015-08-23 20:03 - 00000000 ____D C:\Documents and Settings\Guest
    2016-07-28 10:18 - 2014-08-20 21:58 - 00000000 __SHD C:\Documents and Settings\NetworkService
    2016-07-28 10:18 - 2014-08-20 21:58 - 00000000 __SHD C:\Documents and Settings\LocalService
    2016-07-27 16:51 - 2014-09-30 13:26 - 00013030 _____ C:\PDOXUSRS.NET
    2016-07-27 16:49 - 2015-12-06 15:01 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\PROGRAM INSTALLATION FILES
    2016-07-27 16:49 - 2015-09-30 19:13 - 00000000 ____D C:\Documents and Settings\Wayne\Desktop\ACCOUNTING
    2016-07-27 13:17 - 2014-08-26 22:02 - 00000000 ____D C:\Documents and Settings\Wayne\Application Data\Image Zone Express
    2016-07-26 22:02 - 2015-02-05 00:46 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\CD ROM COVERS
    2016-07-26 17:06 - 2014-10-01 09:42 - 00000000 ____D C:\Program Files\Recuva
    2016-07-26 11:07 - 2015-11-23 21:45 - 00000000 ____D C:\Program Files\Musette
    2016-07-26 00:01 - 2014-08-26 11:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2016-07-19 17:25 - 2014-08-30 19:18 - 00000000 ____D C:\Documents and Settings\Wayne\My Documents\DVD PROJECTS COMPLETED
    2016-07-19 13:48 - 2014-09-01 15:04 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
    2016-07-19 13:48 - 2014-09-01 15:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
    2016-07-18 09:41 - 2014-08-23 15:55 - 00000000 ___RD C:\Documents and Settings\Wayne\My Documents\My Videos
    2016-07-14 09:21 - 2014-08-21 20:16 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-07-14 09:21 - 2014-08-21 20:16 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-07-12 18:18 - 2014-08-20 21:52 - 00000000 ____D C:\WINDOWS\system32\Macromed

    ==================== Files in the root of some directories =======

    2016-02-07 18:02 - 2016-02-07 18:02 - 0000000 _____ () C:\Program Files\GUM6F.tmp
    2014-08-25 21:04 - 2014-08-25 21:04 - 0000316 _____ () C:\Documents and Settings\Wayne\Application Data\aps.uninstall.scan.results
    2014-09-29 20:55 - 2014-09-29 20:55 - 0000000 _____ () C:\Documents and Settings\Wayne\Application Data\Hewlett-PackardHP PSC 1400 series1409098626_API.log
    2014-09-29 20:55 - 2014-10-18 22:47 - 0000891 _____ () C:\Documents and Settings\Wayne\Application Data\Hewlett-PackardHP PSC 1400 series1409098626_PROTOCOL.log
    2014-09-29 20:55 - 2014-09-29 20:55 - 0000360 _____ () C:\Documents and Settings\Wayne\Application Data\Hewlett-PackardHP PSC 1400 series1409098626_UI.log
    2014-09-27 22:02 - 2014-09-27 22:03 - 0002051 _____ () C:\Documents and Settings\Wayne\Application Data\HPSU_48BitScanUpdate.log
    2014-09-27 22:02 - 2014-09-27 22:02 - 0030981 _____ () C:\Documents and Settings\Wayne\Application Data\Update_HP_RedboxHprblog_HPSU.log
    2016-07-19 13:56 - 2016-08-10 22:54 - 0012288 _____ () C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-08-24 18:55 - 2015-07-02 18:28 - 0008061 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    2014-10-27 21:50 - 2014-10-27 21:57 - 0000770 _____ () C:\Documents and Settings\All Users\Application Data\Installer.log
    2015-11-16 14:06 - 2015-11-16 14:06 - 0001746 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    Files to move or delete:
    ====================
    C:\Windows\Tasks\At2.job


    Some files in TEMP:
    ====================
    C:\Documents and Settings\Guest\Local Settings\Temp\avgnt.exe
    C:\Documents and Settings\Guest\Local Settings\Temp\IadHide4.dll
    C:\Documents and Settings\Guest\Local Settings\Temp\NeroSearchTrayHook_{4EC95C7B-3477-4D2D-9610-881E874D417A}.dll
    C:\Documents and Settings\Wayne\Local Settings\Temp\avgnt.exe
    C:\Documents and Settings\Wayne\Local Settings\Temp\IadHide4.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================


    #13
    waynf

      Member 1K

    • Topic Starter
    • Member
    • 1,057 posts

    Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
    alg.exe        1,320 K    3,140 K    2348    Application Layer Gateway Service    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    AppleMobileDeviceService.exe        10,324 K    2,932 K    1384    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
    avgnt.exe        17,732 K    1,280 K    1860    Avira system tray application    Avira Operations GmbH & Co. KG    (Verified) Avira Operations GmbH & Co. KG
    avguard.exe        285,748 K    14,904 K    1076    Antivirus Host Framework Service    Avira Operations GmbH & Co. KG    (Verified) Avira Operations GmbH & Co. KG
    Avira.ServiceHost.exe        52,408 K    6,160 K    3100    Avira Service Host    Avira Operations GmbH & Co. KG    (Verified) Avira Operations GmbH & Co. KG
    Avira.Systray.exe        48,644 K    2,312 K    1464    Avira Launcher    Avira Operations GmbH & Co. KG    (Verified) Avira Operations GmbH & Co. KG
    avshadow.exe        1,960 K    4,636 K    3896    AntiVir shadow copy service    Avira Operations GmbH & Co. KG    (Verified) Avira Operations GmbH & Co. KG
    backWeb-8876480.exe        5,316 K    2,416 K    372    Logitech Desktop Messenger    Logitech    (No signature was present in the subject) Logitech
    CCleaner.exe        9,196 K    2,496 K    424    CCleaner    Piriform Ltd    (Verified) Piriform Ltd
    csrss.exe        1,760 K    2,484 K    592    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    ctfmon.exe        924 K    1,112 K    312    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    dllhost.exe        3,048 K    8,448 K    236    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    explorer.exe        49,232 K    46,780 K    1440    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    firefox.exe        254,540 K    246,524 K    2912    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
    FTBCheckUpdates.exe        1,264 K    1,184 K    204    MyHeritage Family Tree Builder check for updates    MyHeritage    (No signature was present in the subject) MyHeritage
    FxSvr2.exe        2,140 K    1,652 K    2028    QuickCam Framework Server    Logitech Inc.    (No signature was present in the subject) Logitech Inc.
    hpqste08.exe        12,324 K    10,740 K    1484    HP CUE Status    Hewlett-Packard Co.    (No signature was present in the subject) Hewlett-Packard Co.
    hpqtra08.exe        4,992 K    7,616 K    552    HP Digital Imaging Monitor    Hewlett-Packard Co.    (No signature was present in the subject) Hewlett-Packard Co.
    hprblog.exe        816 K    2,164 K    1348    Hewlett-Packard Product Assistant    Hewlett-Packard Co.    (No signature was present in the subject) Hewlett-Packard Co.
    hpwuSchd2.exe        600 K    696 K    1940    Hewlett-Packard Product Assistant    Hewlett-Packard Co.    (No signature was present in the subject) Hewlett-Packard Co.
    HPZipm12.exe        748 K    1,136 K    2084    PML Driver    HP    (No signature was present in the subject) HP
    iPodService.exe        2,972 K    3,512 K    2212    iPodService Module (32-bit)    Apple Inc.    (Verified) Apple Inc.
    iTunesHelper.exe        10,780 K    5,072 K    1892    iTunesHelper    Apple Inc.    (Verified) Apple Inc.
    jqs.exe        2,708 K    1,420 K    872    Java Quick Starter Service    Oracle Corporation    (Verified) Oracle America
    LogiTray.exe        4,492 K    1,940 K    1876    ImageStudio Tray Application    Logitech Inc.    (No signature was present in the subject) Logitech Inc.
    lsass.exe        4,076 K    3,172 K    676    LSA Shell (Export Version)    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    LVCOMSX.EXE        2,272 K    1,632 K    1868    LVCom Server    Logitech Inc.    (No signature was present in the subject) Logitech Inc.
    mDNSResponder.exe        1,004 K    1,520 K    832    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
    MFManager.exe        21,052 K    9,952 K    640    MFManager        (No signature was present in the subject)
    msdtc.exe        1,892 K    5,136 K    3668    MS DTC console program    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    msfeedssync.exe        836 K    3,060 K    3744    Microsoft Feeds Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
    NMBgMonitor.exe        5,668 K    5,664 K    388    Nero Home    Nero AG    (Verified) Nero AG
    NMIndexingService.exe        6,216 K    7,920 K    2372    Nero Home    Nero AG    (Verified) Nero AG
    NMIndexStoreSvr.exe        15,396 K    18,188 K    2516    Nero Home    Nero AG    (Verified) Nero AG
    notepad.exe        1,380 K    3,804 K    712    Notepad    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    notepad.exe        1,184 K    3,580 K    568    Notepad    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    procexp.exe        27,512 K    32,028 K    2672    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    sched.exe        11,356 K    1,756 K    1668    Antivirus Host Framework Service    Avira Operations GmbH & Co. KG    (Verified) Avira Operations GmbH & Co. KG
    SDTray.exe        16,600 K    11,244 K    168    Spybot - Search & Destroy tray access    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
    SDUpdSvc.exe        7,684 K    2,888 K    2828    Spybot-S&D 2 Background update service    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
    services.exe        1,828 K    2,584 K    664    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    smss.exe        172 K    108 K    528    Windows NT Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    spoolsv.exe        3,820 K    2,408 K    1580    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    SSScheduler.exe        1,752 K    600 K    992    McAfee Security Scanner Scheduler    McAfee, Inc.    (Verified) McAfee
    svchost.exe        3,288 K    2,928 K    860    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    svchost.exe        2,076 K    2,304 K    944    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    svchost.exe        18,844 K    23,248 K    1040    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    svchost.exe        2,020 K    2,396 K    1168    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    svchost.exe        1,328 K    1,336 K    544    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    svchost.exe        2,628 K    2,476 K    2964    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    svchost.exe        1,408 K    3,140 K    2492    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    winlogon.exe        7,832 K    3,964 K    620    Windows NT Logon Application    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    wmiprvse.exe        2,336 K    4,928 K    928    WMI    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
    WPFFontCache_v0400.exe        1,928 K    6,772 K    1784    wpffontcache_v0400.exe    Microsoft Corporation    (Verified) Microsoft Corporation
    YahooAUService.exe        3,060 K    764 K    2996    AutoUpater Service Module    Yahoo! Inc.    (Verified) Yahoo! Inc.
    Interrupts    < 0.01    0 K    0 K    n/a    Hardware Interrupts and DPCs        
    System    1.56    0 K    68 K    4            
    System Idle Process    98.44    0 K    28 K    0            
     


    #14
    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 7 Update 67
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    Uninstall:
     
    Spybot S&D - no longer recommended - have it remove any immunizations it has done.
     
    McAfee Security Scan Plus - worthless foistware
     
    Yahoo! Toolbar  -  foistware 
     
     
    Download the attached fixlist.txt to the same location as FRST
     
    Attached File  fixlist.txt   20.04KB   40 downloads
     
    Run FRST and press Fix
    A fix log will be generated; please post that.
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
     

    #15
    waynf

      Member 1K

    • Topic Starter
    • Member
    • 1,057 posts

    The last time I tried to upgrade Java to the latest version I got a message that XP wasn't up to date for the update and asked me to upgrade from XP to a later O.S.  I thought Java was a necessity.

     

    What is Foistware?

