
Startup Menu File Missing, Desktop with no taskbar, icons, or start bu



#46
waynf

  • Topic Starter
  • Member
  • 1,057 posts
Do I have to give it an ".exe" extension?
  • 0


#47
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

No.  Notepad will automatically add the needed .txt to make it fixlist.txt.


  • 0

#48
waynf

  • Topic Starter
  • Member
  • 1,057 posts

FRST is not acknowledging the fixlist even though it is in the same folder, called "Downloads II".


  • 0

#49
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Let's make sure you can see the extensions:

 

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button.
 
Now you can see the extensions.  Does it say fixlist.txt ?
 
You can make your own if you want.  Copy the text between the lines of *'s (do not include the stars).
 
*******************
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SystweakASP] => /verysilent
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SearchProtection] => "C:\Documents and Settings\Wayne\Application Data\Search Protection\SearchProtection.EXE" /autostart
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\CurrentVersion\Windows: [Run]   <===== ATTENTION
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-06-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 - (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> DefaultScope {8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_41_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCzytB0FyDtB0F0A0FyCyCtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0A0D0DzzyD0C0AtGtD0ByDtDtG0C0ByEzytGtAzz0F0EtGtAzyyEtC0CtD0EzztAtA0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBzz0A0CyE0AzytG0D0CzyzytGyEyB0CyDtG0Azy0EzytG0ByByBtCtC0CyDtCtAtA0E0D2Q&cr=1640802568&ir=
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_41_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCzytB0FyDtB0F0A0FyCyCtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0A0D0DzzyD0C0AtGtD0ByDtDtG0C0ByEzytGtAzz0F0EtGtAzyyEtC0CtD0EzztAtA0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBzz0A0CyE0AzytG0D0CzyzytGyEyB0CyDtG0Azy0EzytG0ByByBtCtC0CyDtCtAtA0E0D2Q&cr=1640802568&ir=
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {E5B4158F-E345-4115-BE5A-4CE6C25171E2} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCzytB0FyDtB0F0A0FyCyCtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtA0FyE0EtDtAyCtGzz0AyEtCtGtD0B0BzztGzz0Fzz0CtGyBtDtB0AtB0B0C0CyBtA0Azy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0ByBtB0CyCtGyDtD0CtDtGyEyE0EyBtG0ByEtBtBtGzyyEtD0C0A0Dzz0AtA0FtCtD2Q&cr=1234388902&ir=
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll [2016-05-24] (Yahoo! Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-21] (Oracle Corporation)
BHO: Ask Search Assistant BHO -> {9CB65201-89C4-402c-BA80-02D8C59F9B1D} -> C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)
BHO: Ask Toolbar BHO -> {FE063DB1-4EC0-403e-8DD8-394C54984B2C} -> C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL => No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll [2016-05-24] (Yahoo! Inc.)
Toolbar: HKLM - Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF user.js: detected! => C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\user.js [2014-11-02]
FF SearchPlugin: C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\Astromenda.xml [2014-11-02]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) [2014-08-26] [not signed]
FF HKLM\...\Mozilla Firefox 48.0\Extensions: [Components] - C:\Program Files\Mozilla Firefox\components => not found
FF HKLM\...\Mozilla Firefox 48.0\Extensions: [Plugins] - C:\Program Files\Mozilla Firefox\plugins => not found
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-05-08] (Google Inc.)
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-05-08] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 YahooAUService; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392 2008-11-09] (Yahoo! Inc.)
R3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{00157407-506A-43C8-ABED-0F6E896D2261}
2016-08-11 11:27 - 2014-10-10 18:27 - 00000414 _____ C:\WINDOWS\Tasks\At2.job
2016-08-11 08:55 - 2015-09-27 18:48 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-08-11 08:54 - 2015-05-08 12:09 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-11 08:54 - 2014-08-21 19:24 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-08-08 15:00 - 2014-08-21 19:24 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-08-03 00:36 - 2015-09-27 18:48 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-02-07 18:02 - 2016-02-07 18:02 - 0000000 _____ () C:\Program Files\GUM6F.tmp
C:\Windows\Tasks\At2.job
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Wayne\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Wayne\Application Data\Dropbox\bin\Dropbox.exe /wiacallback => No File
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\Wayne\APPLIC~1\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\klcp_update.job => CMD /C sc create KLCPU binPath CMD /V /C SET \FILE \ ProgramFiles \ Lite Codec Pack Tools CodecTweakTool exe\\ IF EXIST FILE START \CTT\ FILE /verysilent /update /freq 30 type own type interact net start KLCPU sc delete KLCPU CMD Wayne
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Documents and Settings\Guest\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Guest\Local Settings\Temp\IadHide4.dll
C:\Documents and Settings\Guest\Local Settings\Temp\NeroSearchTrayHook_{4EC95C7B-3477-4D2D-9610-881E874D417A}.dll
C:\Documents and Settings\Wayne\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Wayne\Local Settings\Temp\IadHide4.dll
2015-09-27 18:46 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-27 18:46 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-27 18:46 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
***************************************
 
Open Notepad (Start, All Programs, Accessories, Notepad).  Edit, Paste; the copied lines should appear.  File, Save As, to the same folder as Frst.exe; call it fixlist, make sure it says Save as type: Text Documents (.txt), and Save.

  • 0
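A check for the situation in this thread, as an added example that is not part of the original posts: given a folder listing, it reports whether a file named exactly fixlist.txt sits beside the tool and flags near-miss names, including the one Explorer displays as "fixlist.txt" while known extensions are hidden. The names Frst.exe and fixlist.txt come from the posts; the reason codes, function names and the sample listing are constructed for illustration.

```python
import os
import sys

# Names as written in the thread (compared case-insensitively, as Windows does).
TOOL_NAME = "frst.exe"
EXPECTED_NAME = "fixlist.txt"


def classify(name):
    """Return a reason code for a fixlist-like file name, or None if unrelated."""
    lower = name.lower()
    if lower == EXPECTED_NAME:
        return "ok"
    if lower.replace(" ", "") == EXPECTED_NAME:
        return "stray-space"            # e.g. "fixlist .txt"
    stem, _ext = os.path.splitext(lower)
    if stem == EXPECTED_NAME:
        return "double-extension"       # e.g. "fixlist.txt.txt"
    if lower == "fixlist":
        return "no-extension"           # saved without any extension
    if stem == "fixlist":
        return "wrong-type"             # e.g. "fixlist.rtf"
    return None


def diagnose(names):
    """Summarise a folder listing: tool present, fixlist present, near misses."""
    report = {
        "tool_present": False,
        "fixlist_ok": False,
        "near_misses": [],        # (file name, reason code)
        "other_text_files": [],   # .txt files that are not fixlist candidates
    }
    for name in sorted(names, key=str.lower):
        verdict = classify(name)
        if name.lower() == TOOL_NAME:
            report["tool_present"] = True
        elif verdict == "ok":
            report["fixlist_ok"] = True
        elif verdict is not None:
            report["near_misses"].append((name, verdict))
        elif name.lower().endswith(".txt"):
            report["other_text_files"].append(name)
    return report


def diagnose_folder(path):
    """Run the same check against a real folder on disk."""
    return diagnose(os.listdir(path))


# Constructed sample listing: extensions were hidden when the file was saved,
# so Explorer would show the second entry as "fixlist.txt".
SAMPLE_LISTING = ["Frst.exe", "fixlist.txt.txt", "Addition.txt"]

if __name__ == "__main__":
    result = diagnose_folder(sys.argv[1]) if len(sys.argv) > 1 else diagnose(SAMPLE_LISTING)
    for key, value in result.items():
        print(f"{key}: {value}")
```
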

#50
waynf

  • Topic Starter
  • Member
  • 1,057 posts

No, it doesn't say fixlist.txt.  It says "Addition.txt".


  • 0

#51
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Addition.txt is created when you run a FRST Scan with the Addition.txt box checked.


  • 0

#52
waynf

  • Topic Starter
  • Member
  • 1,057 posts

I just tried to run FRST and when I pressed Fix the first time it said it was updated and set for use.  Then I clicked on Fix and I got the same notification that no fixlist could be found.


  • 0

#53
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Let's see if we can use OTL:

 

Download OTL from
and Save it to your desktop.
 
Run OTL by double clicking.
 
 
Select the All option in the Extra Registry group, then Run Scan.
 
You should get two logs.  Please copy and paste both of them.

  • 0

#54
waynf

  • Topic Starter
  • Member
  • 1,057 posts

OTL logfile created on: 8/18/2016 8:36:30 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Wayne\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.42 Mb Total Physical Memory | 199.57 Mb Available Physical Memory | 20.82% Memory free
3.67 Gb Paging File | 2.77 Gb Available in Paging File | 75.66% Paging File free
Paging file location(s): C:\pagefile.sys 2880 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 27.49 Gb Free Space | 36.89% Space Free | Partition Type: NTFS
 
Computer Name: WAYNE-6A7649B9E | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[2016/06/11 16:46:30 | 000,211,994 | ---- | M] () (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\[email protected]
[2016/08/16 13:01:57 | 000,006,351 | ---- | M] () (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\features\{a8d5809b-dd42-4179-a678-e926810c48be}\[email protected]
[2016/08/16 13:01:57 | 000,781,661 | ---- | M] () (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\features\{a8d5809b-dd42-4179-a678-e926810c48be}\[email protected]
[2016/08/16 13:02:15 | 002,034,437 | ---- | M] () (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\features\{a8d5809b-dd42-4179-a678-e926810c48be}\[email protected]
[2014/11/02 11:25:21 | 000,002,851 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\Astromenda.xml
[2015/11/30 10:07:48 | 000,001,384 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\avira-safesearch-1.xml
[2015/11/18 01:33:48 | 000,001,384 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\avira-safesearch.xml
[2016/08/02 22:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
 
O1 HOSTS File: ([2016/05/11 13:51:05 | 000,000,763 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 0.0.0.1    mssplus.mcafee.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira SystrayStartTrigger] C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [SearchProtection] "C:\Documents and Settings\Wayne\Application Data\Search Protection\SearchProtection.EXE" /autostart File not found
O4 - HKCU..\Run: [SpybotPostWindows10UpgradeReInstall] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SystweakASP] /verysilent File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk = C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1408657331890(WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D98C928-558B-4F90-989D-BAC157AE0070}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Wayne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wayne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/08/20 21:54:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/08/18 08:33:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wayne\Recent
[2016/08/18 08:02:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
[2016/08/15 09:21:58 | 001,744,896 | ---- | C] (Farbar) -- C:\Documents and Settings\Wayne\Desktop\FRST.exe
[2016/08/15 08:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\FIRST(1)
[2016/08/10 18:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2016/08/10 18:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2016/08/02 22:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2016/07/28 13:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\MY MUSIC
[2016/07/27 16:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Responsive Software
[2016/07/27 16:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Start Menu\Programs\Responsive Software
[2016/07/27 16:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2016/07/25 20:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\SpoonUninstall
[2016/07/25 20:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\dBpoweramp
[2016/07/25 20:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Illustrate
[2016/07/25 18:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Songs for CD Revisited
[2016/07/25 18:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\MPC-HC
[2016/07/19 09:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\Downloads II
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016/08/18 08:46:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C0CFDEAB-609B-4932-A18D-FA7764138099}.job
[2016/08/18 08:29:27 | 000,012,984 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2016/08/18 08:27:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2016/08/18 08:26:25 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2016/08/18 08:26:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2016/08/18 08:26:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/08/18 08:18:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/08/18 08:02:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
[2016/08/18 07:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2016/08/17 12:06:46 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2016/08/17 09:51:01 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2016/08/17 09:07:23 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2016/08/16 16:19:11 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2016/08/15 09:22:10 | 001,744,896 | ---- | M] (Farbar) -- C:\Documents and Settings\Wayne\Desktop\FRST.exe
[2016/08/12 09:49:27 | 000,001,167 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2016/08/10 18:56:27 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2016/08/10 18:16:04 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Wayne\Desktop\VEW(1).exe
[2016/08/10 08:43:56 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut (2) to Display.lnk
[2016/08/09 21:12:46 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to FILES SUPPORTED BY WINDOWS MOVIE MAKER AND NERO.lnk
[2016/08/08 18:16:47 | 000,140,272 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2016/08/08 18:16:47 | 000,115,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2016/08/08 15:00:00 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2016/07/28 10:43:17 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to MY MUSIC.lnk
[2016/07/27 23:35:28 | 000,008,915 | ---- | M] () -- C:\Documents and Settings\Wayne\My Documents\Audio1 WHEN YOU GO BACK TO HIM 2016a.nra
[2016/07/26 20:26:54 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Wayne\My Documents\Audio1 WHEN YOU GO BACK TO HIM 2016.nra
[2016/07/26 00:43:52 | 000,152,600 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\NeroBurningRom_Enu.zip
[2016/07/25 22:38:05 | 002,649,042 | ---- | M] () -- C:\Documents and Settings\Wayne\My Documents\Track10 Somewhere Between You and Me.mp3
[2016/07/25 22:34:08 | 002,863,694 | ---- | M] () -- C:\Documents and Settings\Wayne\My Documents\Track12 To Show I'm Loving You.mp3
[2016/07/25 20:59:04 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\dBpoweramp.lnk
[2016/07/25 08:58:53 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to The Letter Edged in Black and other songs for CD.lnk
[2016/07/19 13:49:14 | 000,000,658 | ---- | M] () -- C:\WINDOWS\tasks\klcp_update.job
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016/08/10 18:56:27 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2016/08/10 18:18:27 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Wayne\Desktop\VEW(1).exe
[2016/08/10 08:43:56 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut (2) to Display.lnk
[2016/08/09 21:12:46 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to FILES SUPPORTED BY WINDOWS MOVIE MAKER AND NERO.lnk
[2016/07/28 10:43:17 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to MY MUSIC.lnk
[2016/07/27 23:35:28 | 000,008,915 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Audio1 WHEN YOU GO BACK TO HIM 2016a.nra
[2016/07/26 20:26:54 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Audio1 WHEN YOU GO BACK TO HIM 2016.nra
[2016/07/26 00:45:34 | 000,152,600 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\NeroBurningRom_Enu.zip
[2016/07/25 20:59:04 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\dBpoweramp.lnk
[2016/07/25 20:10:58 | 002,863,694 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Track12 To Show I'm Loving You.mp3
[2016/07/25 20:02:39 | 003,902,927 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Track11 Am I Right Or Am I Wrong.mp3
[2016/07/25 19:44:48 | 002,649,042 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Track10 Somewhere Between You and Me.mp3
[2016/07/25 19:39:28 | 003,464,362 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Track 09 When Kisses Aren't Enough.mp3
[2016/07/25 19:34:55 | 001,676,583 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Tracl08 Cursed the Day You Left Me Down.mp3
[2016/07/25 18:47:40 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Track07 Walk Away Waltze.cda
[2016/07/25 18:46:32 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Track06 You're All That's Left of Me.cda
[2016/07/25 18:45:19 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Track05 She's Not Looking Now.cda
[2016/07/25 18:42:44 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Track04 There's No Coming Back in Your Heart.cda
[2016/07/25 18:41:37 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Track02 I Know You're Married.cda
[2016/07/25 18:38:32 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\Track03 I Can't.cda
[2016/07/25 18:36:02 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Wayne\My Documents\The Shoes He Left Behind.cda
[2016/07/25 08:58:53 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to The Letter Edged in Black and other songs for CD.lnk
[2016/07/19 13:56:04 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2016/07/19 13:49:13 | 000,000,658 | ---- | C] () -- C:\WINDOWS\tasks\klcp_update.job
[2015/12/18 00:13:06 | 001,065,936 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2015/11/18 13:38:32 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2015/11/16 14:06:41 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2015/10/06 22:47:12 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2015/10/01 17:47:10 | 000,001,167 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2015/07/02 18:19:53 | 000,112,886 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2015/07/02 18:19:53 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2015/06/19 12:43:41 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2015/06/03 20:38:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2015/06/03 20:37:58 | 000,036,932 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2015/06/03 20:37:58 | 000,028,165 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2015/06/03 20:37:58 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2015/06/03 20:37:57 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2015/06/03 20:16:02 | 000,000,411 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2015/06/03 20:16:01 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2015/01/07 01:18:21 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\Wayne\default.pls
[2015/01/05 16:39:03 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2014/11/30 16:22:58 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2014/11/08 19:05:48 | 000,042,576 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2014/10/28 11:00:23 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2014/10/28 11:00:22 | 001,317,152 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2014/10/27 21:53:26 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2014/10/27 21:51:10 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2014/10/01 23:29:16 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2014/10/01 23:29:16 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2014/10/01 23:29:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2014/09/29 20:55:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2014/09/27 22:02:57 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2014/09/27 22:02:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2014/09/02 12:19:49 | 003,057,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1343024091-2052111302-1177238915-1003-0.dat
[2014/09/02 12:19:47 | 000,222,918 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/09/01 15:04:44 | 000,218,200 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2014/08/26 20:47:04 | 000,112,886 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
[2014/08/26 20:47:04 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2014/08/25 21:04:32 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\aps.uninstall.scan.results
[2014/08/23 15:14:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2014/08/21 19:24:45 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2014/08/20 21:57:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2014/08/20 21:51:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2014/08/20 18:43:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2014/08/20 18:42:29 | 000,219,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
[2014/08/27 12:20:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 09:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 

OTL Extras logfile created on: 8/18/2016 8:36:30 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Wayne\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.42 Mb Total Physical Memory | 199.57 Mb Available Physical Memory | 20.82% Memory free
3.67 Gb Paging File | 2.77 Gb Available in Paging File | 75.66% Paging File free
Paging file location(s): C:\pagefile.sys 2880 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 27.49 Gb Free Space | 36.89% Space Free | Partition Type: NTFS
 
Computer Name: WAYNE-6A7649B9E | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = SafariHTML] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1"
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc.enqueue] -- "C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc.play] -- "C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" "%1" (MPC-HC Team)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox) -- (Mozilla Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0984EA04-EB2C-4AC4-BD0B-94115A48C19E}" = Ledger
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.18
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{34CE35A5-BC22-4045-9F05-6C411D3A74DB}" = Avira Launcher
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{74d1ef14-dd39-4749-b051-e183a1e27f5e}" = Avira Launcher
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{817750FA-EC6A-485D-9901-0683AE6FFDF1}" = Google Earth
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Ultra Edition
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}" = Apple Application Support (32-bit)
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}" = iTunes
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{E1DB0812-2D60-43DB-AE09-6C7027D93B28}" = Apple Mobile Device Support
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 22 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 22 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Avira Antivirus" = Avira Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC 8
"CCleaner" = CCleaner
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DXTXTRA" = Microsoft DirectX Transform optional components
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Family Tree Builder" = MyHeritage Family Tree Builder
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ie8" = Windows Internet Explorer 8
"ImageBrowser EX" = Canon Utilities ImageBrowser EX
"KLiteCodecPack_is1" = K-Lite Codec Pack 12.2.5 Full
"Logitech Print Service" = Logitech Print Service
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 48.0 (x86 en-US)" = Mozilla Firefox 48.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Applications" = PCI Audio Applications
"PCI Audio Driver" = PCI Audio Driver
"PhotoStitch" = Canon Utilities PhotoStitch
"QcDrv" = Logitech® Camera Driver
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.95
"Speccy" = Speccy
"VLC media player" = VLC media player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Download & Install Packages" = Download & Install Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/14/2016 10:02:25 PM | Computer Name = WAYNE-6A7649B9E | Source = Application Error | ID = 1000
Description = Faulting application frst.exe, version 14.8.2016.0, faulting module
 frst.exe, version 14.8.2016.0, fault address 0x000211de.
 
[ System Events ]
Error - 8/17/2016 8:02:34 PM | Computer Name = WAYNE-6A7649B9E | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
 (gupdate) service to connect.
 
Error - 8/17/2016 8:02:35 PM | Computer Name = WAYNE-6A7649B9E | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%1053
 
Error - 8/17/2016 8:27:00 PM | Computer Name = WAYNE-6A7649B9E | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error:   %%2147942403
 
Error - 8/17/2016 9:27:00 PM | Computer Name = WAYNE-6A7649B9E | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error:   %%2147942403
 
Error - 8/18/2016 6:08:53 AM | Computer Name = WAYNE-6A7649B9E | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
 (gupdate) service to connect.
 
Error - 8/18/2016 6:08:53 AM | Computer Name = WAYNE-6A7649B9E | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%1053
 
Error - 8/18/2016 6:27:00 AM | Computer Name = WAYNE-6A7649B9E | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error:   %%2147942403
 
Error - 8/18/2016 7:27:00 AM | Computer Name = WAYNE-6A7649B9E | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error:   %%2147942403
 
Error - 8/18/2016 7:27:01 AM | Computer Name = WAYNE-6A7649B9E | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
 (gupdate) service to connect.
 
Error - 8/18/2016 7:27:01 AM | Computer Name = WAYNE-6A7649B9E | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%1053
 
 
< End of report >
 


  • 0

#55
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c
 
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266}
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266}: "URL" = http://astromenda.co...=1640802568&ir=
IE - HKCU\..\SearchScopes\{E5B4158F-E345-4115-BE5A-4CE6C25171E2}: "URL" = http://astromenda.co...=1234388902&ir=
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll File not found
[2014/11/02 11:25:21 | 000,002,851 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\Astromenda.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O4 - HKCU..\Run: [SearchProtection] "C:\Documents and Settings\Wayne\Application Data\Search Protection\SearchProtection.EXE" /autostart File not found
O4 - HKCU..\Run: [SpybotPostWindows10UpgradeReInstall] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SystweakASP] /verysilent File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
[2016/08/18 08:27:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2016/08/18 08:26:25 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2016/07/19 13:49:14 | 000,000,658 | ---- | M] () -- C:\WINDOWS\tasks\klcp_update.job
 
:Files
C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 
C:\WINDOWS\Tasks\klcp_update.job 
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 
C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job 
 

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 

 
Then double-click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
 
Run FRST again.  Check the Addition.txt box and hit Scan.  You will get two logs.  Post them both.

  • 0



#56
waynf

    Member 1K

  • Topic Starter
  • Member
  • 1,057 posts
Just as a matter of curiosity, should I be turning off my antivirus when doing this?
  • 0

#57
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Only if your anti-virus objects to OTL.


  • 0

#58
waynf

    Member 1K

  • Topic Starter
  • Member
  • 1,057 posts

I ran the "fix", PC rebooted, but where do I find the log?  I have a log there but it is dated 18th of Aug, today is 21st, so it can't be the right one.


  • 0

#59
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Haven't used OTL in a long time but its log should be in the same folder.  If not:  

 

A copy of an OTL fix log is saved in a text file at <systemdrive>:\_OTL\MovedFiles. In most cases this will be C:\_OTL\MovedFiles.

 

http://www.geekstogo...ldtimer-listit/


  • 0

#60
waynf

    Member 1K

  • Topic Starter
  • Member
  • 1,057 posts

This is what I found in the OTL folder

 

========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5B4158F-E345-4115-BE5A-4CE6C25171E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5B4158F-E345-4115-BE5A-4CE6C25171E2}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\Astromenda.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall deleted successfully.
C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SystweakASP deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job moved successfully.
C:\WINDOWS\tasks\klcp_update.job moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File\Folder C:\WINDOWS\Tasks\klcp_update.job not found.
File\Folder C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job not found.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job moved successfully.
File\Folder C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job not found.
File\Folder C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Flash cache emptied: 57311 bytes
 
User: Guest
->Flash cache emptied: 57311 bytes
 
User: LocalService
 
User: NetworkService
 
User: Wayne
->Flash cache emptied: 58075 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default User
 
User: Guest
 
User: LocalService
 
User: NetworkService
 
User: Wayne
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08212016_143552
 


  • 0
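An added example (not part of the original posts and not OTL's own code): a small Python parser for the fix-log format shown in post #60 that tallies outcomes and, for each file reported `not found`, checks whether an earlier line in the same log already moved it. The sample lines are copied from the log above; the function and constant names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the OTL fix log from post #60 (lines copied from the thread).
SAMPLE_LOG = r"""========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job moved successfully.
C:\WINDOWS\tasks\klcp_update.job moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File\Folder C:\WINDOWS\Tasks\klcp_update.job not found.
File\Folder C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job not found.
"""

ALREADY_MOVED = "already moved earlier in this run"
NO_EARLIER_ACTION = "no earlier action in this log"

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

# One rule per line shape seen in the log; each captures a target and an outcome.
RULES = [
    ("service", re.compile(
        r"^Service (?P<target>.+) (?P<outcome>stopped|deleted) successfully!$")),
    ("registry", re.compile(
        r"^Registry (?:value|key) (?P<target>.+?) "
        r"(?P<outcome>deleted|not found)(?: successfully)?\.$")),
    ("file", re.compile(
        r"^File\\Folder (?P<target>.+) (?P<outcome>not found)\.$")),
    ("file", re.compile(
        r"^(?P<target>[A-Za-z]:\\.+) (?P<outcome>moved) successfully\.$")),
]


def parse_fix_log(text):
    """Turn fix-log lines into records tagged with the section they appear in."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for kind, rx in RULES:
            m = rx.match(line)
            if m:
                records.append({"section": section, "kind": kind,
                                "target": m.group("target"),
                                "outcome": m.group("outcome")})
                break
        else:
            # Keep unknown lines visible instead of dropping them silently.
            records.append({"section": section, "kind": "other",
                            "target": line, "outcome": "unparsed"})
    return records


def summarize(records):
    """Count records per (kind, outcome) pair."""
    return Counter((r["kind"], r["outcome"]) for r in records)


def explain_missing_files(records):
    """Explain each 'not found' file by looking for an earlier 'moved' line."""
    moved, findings = set(), []
    for r in records:
        if r["kind"] != "file":
            continue
        key = r["target"].lower()  # Windows paths are case-insensitive
        if r["outcome"] == "moved":
            moved.add(key)
        elif key in moved:
            findings.append((r["target"], ALREADY_MOVED))
        else:
            findings.append((r["target"], NO_EARLIER_ACTION))
    return findings


if __name__ == "__main__":
    recs = parse_fix_log(SAMPLE_LOG)
    for (kind, outcome), n in sorted(summarize(recs).items()):
        print(f"{kind:9} {outcome:10} {n}")
    for path, reason in explain_missing_files(recs):
        print(f"{reason}: {path}")
```

The path comparison is case-insensitive because the same task file appears as `C:\WINDOWS\tasks\...` in the OTL section and `C:\WINDOWS\Tasks\...` in the FILES section.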





