
Thread: Taskbar Disappears - windows XP

  1. #1
    Member
    Join Date
    Sep 2009
    Posts
    93

    Taskbar Disappears - windows XP

    The taskbar disappears. I reboot and the computer runs reasonably well for 24-48 hours and then the taskbar disappears again. Task performed as requested and log files follow:
    Thank you!!!

    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
    Percentage of memory in use: 49%
    Total physical RAM: 2814.42 MB
    Available physical RAM: 1416.51 MB
    Total Virtual: 4700.93 MB
    Available Virtual: 3418.59 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:341.8 GB) (Free:316.67 GB) NTFS ==>[drive with boot components (Windows XP)]
    Drive d: () (Fixed) (Total:390.63 GB) (Free:339.73 GB) NTFS
    Drive e: () (Fixed) (Total:199.08 GB) (Free:100.85 GB) NTFS
    Drive g: (System) (Fixed) (Total:121.85 GB) (Free:51.59 GB) NTFS ==>[drive with boot components (Windows XP)]
    Drive h: (Data) (Fixed) (Total:148.6 GB) (Free:73.19 GB) NTFS
    Drive i: (Backup) (Fixed) (Total:100 GB) (Free:99.92 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CE18CE18)
    Partition 1: (Active) - (Size=341.8 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=589.7 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 465.6 GB) (Disk ID: 41F041EF)
    Partition 1: (Active) - (Size=121.8 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=148.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=11.7 GB) - (Type=DE)

    ==================== End of Addition.txt ============================

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
    Ran by Administrator (administrator) on ROGER-DESKTOP (16-12-2016 21:33:08)
    Running from E:\Documents and Settings\Roger\Desktop
    Loaded Profiles: Roger & Administrator (Available Profiles: Roger & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) E:\WINDOWS\system32\ati2evxx.exe
    (ATI Technologies Inc.) E:\WINDOWS\system32\ati2evxx.exe
    (AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) E:\WINDOWS\system32\scardsvr.exe
    (Realtek Semiconductor Corp.) E:\WINDOWS\RTHDCPL.exe
    (AVAST Software) E:\Program Files\AVAST Software\Avast\AvastUI.exe
    (SUPERAntiSpyware.com) E:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Brother Industries, Ltd.) E:\Program Files\Brother\ControlCenter2\brctrcen.exe
    (Apple Computer, Inc.) E:\Program Files\Bonjour\mDNSResponder.exe
    (Dropbox, Inc.) E:\Program Files\Dropbox\Client\Dropbox.exe
    (Macrovision) E:\WINDOWS\system32\drivers\CDAC11BA.EXE
    (Skype Technologies S.A.) E:\Program Files\Skype\Phone\Skype.exe
    (CrypKey (Canada) Ltd.) E:\WINDOWS\system32\Crypserv.exe
    () E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    (Seagate) E:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    (Dropbox, Inc.) E:\Program Files\Dropbox\Update\DropboxUpdate.exe
    (Microsoft Corporation) E:\WINDOWS\system32\wbem\unsecapp.exe
    (Microsoft Corporation) E:\WINDOWS\system32\wuauclt.exe
    (Google Inc.) E:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDCPL] => E:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-13] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [Adobe ARM] => E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe_ID0EYTHM] => E:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] => E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-10-07] (AVAST Software)
    HKLM\...\Run: [QuickTime Task] => E:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [SetDefPrt] => E:\Program Files\Brother\Brmfl04g\BrStDvPt.exe [49152 2004-11-11] (Brother Industories, Ltd.)
    HKLM\...\Run: [ControlCenter2.0] => E:\Program Files\Brother\ControlCenter2\brctrcen.exe [864256 2005-01-07] (Brother Industries, Ltd.)
    HKLM\...\Run: [Dropbox] => E:\Program Files\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
    Winlogon\Notify\AtiExtEvent: E:\WINDOWS\system32\Ati2evxx.dll [2008-03-18] (ATI Technologies Inc.)
    HKU\S-1-5-21-1644491937-813497703-682003330-1003\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
    HKU\S-1-5-21-1644491937-813497703-682003330-1003\...\MountPoints2: {a37c370f-f4fd-11e4-a8bb-02785b918a01} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-1644491937-813497703-682003330-1003\...\MountPoints2: {d2da4ecb-3807-11e4-a8a5-001fd08f1f5b} - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1644491937-813497703-682003330-1003\...\MountPoints2: {d2da4ecc-3807-11e4-a8a5-001fd08f1f5b} - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1644491937-813497703-682003330-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C2].txt
    HKU\S-1-5-21-1644491937-813497703-682003330-500\...\MountPoints2: F - F:\setup.exe
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-07] (AVAST Software)
    GroupPolicy: Restriction ? <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 04 E:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
    Tcpip\..\Interfaces\{EB49A6B1-8C1D-498D-AF66-5EFD93B18641}: [DhcpNameServer] 192.168.29.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: [S-1-5-21-1644491937-813497703-682003330-500] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKU\S-1-5-21-1644491937-813497703-682003330-1003 -> DefaultScope {73CBDD4E-F0B0-4E8E-BD6A-389EB855600A} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1644491937-813497703-682003330-1003 -> {73CBDD4E-F0B0-4E8E-BD6A-389EB855600A} URL = hxxps://www.google.com/search?q={searchTerms}
    BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> E:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-29] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-07] (AVAST Software)
    BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-29] (Oracle Corporation)
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-1644491937-813497703-682003330-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
    DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1357964692663
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357975986390
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} hxxp://las.mlxchange.com/5.6.09.29841/Control/IRCSharc.cab

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-26] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - E:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-07]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - E:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - E:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-07]
    FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-15] ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
    FF Plugin: @java.com/DTPlugin,version=11.71.2 -> E:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-29] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> E:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-29] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> E:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-03-19] ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1644491937-813497703-682003330-1003: @citrixonline.com/appdetectorplugin -> E:\Documents and Settings\Roger\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-06-05] (Citrix Online)
    FF Plugin HKU\S-1-5-21-1644491937-813497703-682003330-1003: magellangps.com/mgnContentManager -> E:\Documents and Settings\Roger\Application Data\MiTAC Digital Corporation\mgnContentManager\npmgnContentManager.dll [2016-01-20] (MiTAC Digital Corp.)
    FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\browser\plugins\ieatgpc.dll [2013-11-08] (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2013-11-08] (Cisco WebEx LLC)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com"
    CHR Profile: E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default [2015-09-30]
    CHR Extension: (Docs) - E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-25]
    CHR Extension: (Google Drive) - E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-25]
    CHR Extension: (YouTube) - E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-25]
    CHR Extension: (Gmail) - E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-25]
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; E:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
    R2 6to4; E:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
    S3 ACDaemon; E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S3 Adobe Version Cue CS3; E:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
    R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-07] (AVAST Software)
    S3 BlackBerry Device Manager; E:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
    R2 Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
    R2 C-DillaCdaC11BA; E:\WINDOWS\system32\drivers\CDAC11BA.EXE [52736 2016-09-10] (Macrovision) [File not signed]
    R2 Crypkey License; E:\WINDOWS\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
    S2 dbupdate; E:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    S3 dbupdatem; E:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    S2 DbxSvc; E:\WINDOWS\system32\DbxSvc.exe [35440 2016-11-28] (Dropbox, Inc.) [File not signed]
    S3 FLEXnet Licensing Service; E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-15] (Macrovision Europe Ltd.) [File not signed]
    S3 IDriverT; E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 PassThru Service; E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
    R2 SgtSch2Svc; E:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [845808 2011-06-30] (Seagate)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AmdK8; E:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
    S3 aswHwid; E:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-10-07] (AVAST Software)
    R1 aswKbd; E:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-10-07] (AVAST Software)
    R2 aswMonFlt; E:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-10-07] (AVAST Software)
    R1 AswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-10-07] (AVAST Software)
    R0 aswRvrt; E:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-10-07] (AVAST Software)
    R1 aswSnx; E:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-10-07] (AVAST Software)
    R1 aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [433768 2016-10-07] (AVAST Software)
    R3 aswStmXP; E:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2016-10-07] (AVAST Software)
    S3 aswTdi; E:\WINDOWS\system32\drivers\aswTdi.sys [66688 2016-10-07] (AVAST Software)
    R0 aswVmm; E:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-10-07] (AVAST Software)
    R3 BrScnUsb; E:\WINDOWS\System32\Drivers\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
    R2 CdaC15BA; E:\WINDOWS\system32\drivers\CdaC15BA.SYS [11376 2016-09-10] () [File not signed]
    S3 gdrv; E:\WINDOWS\gdrv.sys [17488 2013-01-12] (Windows (R) 2000 DDK provider)
    R1 NetworkX; E:\WINDOWS\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
    S3 RimUsb; E:\WINDOWS\System32\Drivers\RimUsb.sys [68608 2014-05-06] (BlackBerry Limited)
    S3 rimvndis; E:\WINDOWS\System32\Drivers\rimvndis.sys [12288 2015-03-19] (BlackBerry Limited) [File not signed]
    R3 RTHDMIAzAudService; E:\WINDOWS\System32\drivers\RtHDMI.sys [3688960 2008-04-29] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SCR3XX2K; E:\WINDOWS\System32\DRIVERS\SCR3XX2K.sys [62976 2013-05-30] (Identive)
    R1 Tcpip6; E:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    R0 vididr; E:\WINDOWS\System32\DRIVERS\vididr.sys [125472 2013-01-14] (Acronis)
    R0 vidsflt53; E:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2013-01-14] (Acronis)
    U2 CertPropSvc; no ImagePath
    S3 dbx; system32\DRIVERS\dbx.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-16 20:20 - 2016-12-16 20:25 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d2581cdc81e5fe.job
    2016-12-15 21:35 - 2016-05-24 10:43 - 00022694 _____ E:\Documents and Settings\Roger\Desktop\error_log
    2016-12-15 21:34 - 2016-12-15 22:33 - 00000841 _____ E:\Documents and Settings\Roger\Desktop\send-contacts.php
    2016-12-15 21:32 - 2016-05-24 10:43 - 00019815 _____ E:\Documents and Settings\Roger\Desktop\contact.html
    2016-12-12 21:33 - 2016-12-16 21:29 - 00000000 ____D E:\Documents and Settings\Roger\Application Data\Skype
    2016-12-12 21:33 - 2016-12-12 21:33 - 00001878 _____ E:\Documents and Settings\All Users\Desktop\Skype.lnk
    2016-12-12 21:33 - 2016-12-12 21:33 - 00000000 ____D E:\Documents and Settings\Roger\Tracing
    2016-12-12 21:33 - 2016-12-12 21:33 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\Skype
    2016-12-12 21:32 - 2016-12-12 21:33 - 00000000 ___RD E:\Program Files\Skype
    2016-12-12 21:32 - 2016-12-12 21:33 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Skype
    2016-12-12 21:32 - 2016-12-12 21:32 - 00000000 ____D E:\Program Files\Common Files\Skype
    2016-12-12 21:29 - 2016-12-12 21:30 - 43552728 _____ (Skype Technologies S.A.) E:\Documents and Settings\Roger\Desktop\SkypeSetupFullXp.exe
    2016-12-09 17:48 - 2016-12-09 17:49 - 00015139 _____ E:\Documents and Settings\Roger\Desktop\fremont 01.jpeg
    2016-12-09 02:11 - 2016-12-09 02:11 - 00000750 _____ E:\Documents and Settings\All Users\Start Menu\Programs\Sublime Text 3.lnk
    2016-12-09 02:11 - 2016-12-09 02:11 - 00000000 ____D E:\Program Files\Sublime Text 3
    2016-12-09 02:11 - 2016-12-09 02:11 - 00000000 ____D E:\Documents and Settings\Roger\Local Settings\Application Data\Sublime Text 3
    2016-12-09 02:11 - 2016-12-09 02:11 - 00000000 ____D E:\Documents and Settings\Roger\Application Data\Sublime Text 3
    2016-12-01 12:46 - 2016-12-01 12:46 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\Dropbox
    2016-11-29 11:01 - 2016-12-16 20:16 - 00000892 _____ E:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d24a72eddc4f32.job
    2016-11-26 19:49 - 2016-11-27 06:21 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2016-11-26 19:47 - 2016-11-27 06:21 - 00000000 ____D E:\Documents and Settings\Roger\Desktop\mbar
    2016-11-20 19:56 - 2016-11-20 21:06 - 00000000 ____D E:\Documents and Settings\Roger\Desktop\Jen Picts
    2016-11-17 14:31 - 2016-12-16 09:20 - 00000000 ____D E:\Program Files\Mozilla Firefox

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-16 21:33 - 2016-10-14 13:23 - 00019019 _____ E:\Documents and Settings\Roger\Desktop\FRST.txt
    2016-12-16 21:33 - 2015-09-25 01:14 - 00000000 ____D E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Temp
    2016-12-16 21:30 - 2013-01-11 17:53 - 00000000 ____D E:\Documents and Settings\Roger\Local Settings\Temp
    2016-12-16 21:29 - 2015-09-25 01:15 - 00000178 ___SH E:\Documents and Settings\Administrator.ROGER-DESKTOP\ntuser.ini
    2016-12-16 21:26 - 2016-10-14 13:22 - 00000000 ____D E:\FRST
    2016-12-16 21:25 - 2014-06-05 09:55 - 00000514 _____ E:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1644491937-813497703-682003330-1003.job
    2016-12-16 21:23 - 2016-10-14 13:20 - 01761792 _____ (Farbar) E:\Documents and Settings\Roger\Desktop\FRST.exe
    2016-12-16 21:20 - 2015-09-28 09:37 - 00039771 _____ E:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-12-16 20:57 - 2016-02-03 01:58 - 00000830 _____ E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-12-16 20:25 - 2016-07-28 12:51 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1e911ce7c837c.job
    2016-12-16 20:16 - 2016-10-07 05:17 - 00000470 _____ E:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1475846231.job
    2016-12-16 20:16 - 2016-05-10 12:40 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1aafc36bf21d2.job
    2016-12-16 20:16 - 2016-02-01 11:01 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15d22e49186ce.job
    2016-12-16 20:16 - 2015-12-02 09:40 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12d288d1bd6ee.job
    2016-12-16 20:16 - 2015-09-14 14:43 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef3ebabe5dba.job
    2016-12-16 20:16 - 2015-08-30 01:05 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e302f89e769e.job
    2016-12-16 20:16 - 2015-07-15 11:40 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf361ea2e2f8.job
    2016-12-16 20:16 - 2015-05-14 21:01 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08ecc387f391e.job
    2016-12-16 20:16 - 2015-02-05 06:13 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0414df5827840.job
    2016-12-16 20:16 - 2014-11-13 03:52 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfff38450a62d6.job
    2016-12-16 20:16 - 2014-10-21 09:48 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfed574469b630.job
    2016-12-16 20:16 - 2014-08-27 12:06 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfc2327115be7c.job
    2016-12-16 20:16 - 2013-01-12 03:48 - 00000316 ____H E:\WINDOWS\Tasks\avast! Emergency Update.job
    2016-12-16 20:16 - 2013-01-11 17:51 - 00000006 ____H E:\WINDOWS\Tasks\SA.DAT
    2016-12-16 20:16 - 2008-04-14 04:00 - 00013734 _____ E:\WINDOWS\system32\wpa.dbl
    2016-12-16 20:15 - 2013-01-15 00:04 - 00000000 ____D E:\Program Files\Mozilla Maintenance Service
    2016-12-16 13:57 - 2013-01-11 17:51 - 00032296 _____ E:\WINDOWS\SchedLgU.Txt
    2016-12-12 21:33 - 2013-01-11 17:53 - 00000000 ____D E:\Documents and Settings\Roger
    2016-12-08 15:00 - 2014-07-28 15:17 - 00000216 _____ E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2016-12-03 13:08 - 2013-01-15 10:32 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\FLEXnet
    2016-12-01 12:47 - 2013-06-15 02:51 - 00000000 ____D E:\Program Files\Dropbox
    2016-11-28 10:39 - 2013-01-11 17:53 - 00000000 ___RD E:\Documents and Settings\Roger\My Documents
    2016-11-28 09:55 - 2013-01-11 08:50 - 00590908 _____ E:\WINDOWS\system32\PerfStringBackup.INI
    2016-11-28 09:49 - 2013-01-11 17:53 - 00000278 ___SH E:\Documents and Settings\Roger\ntuser.ini
    2016-11-28 09:48 - 2008-04-14 04:00 - 00000644 _____ E:\WINDOWS\win.ini
    2016-11-28 09:48 - 2008-04-14 04:00 - 00000227 _____ E:\WINDOWS\system.ini
    2016-11-28 09:37 - 2013-12-26 15:07 - 00000000 ____D E:\WINDOWS\system32\MRT
    2016-11-28 09:27 - 2013-01-11 21:10 - 144884648 ____C (Microsoft Corporation) E:\WINDOWS\system32\MRT.exe
    2016-11-28 09:25 - 2013-01-11 23:03 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Microsoft Help
    2016-11-28 06:05 - 2016-10-24 05:06 - 00063600 _____ (Dropbox, Inc.) E:\WINDOWS\system32\Drivers\dbx-dev.sys
    2016-11-28 06:05 - 2016-09-12 05:11 - 00035440 _____ (Dropbox, Inc.) E:\WINDOWS\system32\DbxSvc.exe
    2016-11-28 06:05 - 2016-09-12 05:05 - 00063600 _____ (Dropbox, Inc.) E:\WINDOWS\system32\Drivers\dbx-stable.sys
    2016-11-28 06:05 - 2016-09-12 05:05 - 00063600 _____ (Dropbox, Inc.) E:\WINDOWS\system32\Drivers\dbx-canary.sys
    2016-11-27 22:19 - 2016-06-04 02:14 - 00000000 ____D E:\Documents and Settings\Roger\Local Settings\Application Data\ESET
    2016-11-27 21:05 - 2014-08-27 22:37 - 00170200 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-11-26 19:48 - 2014-08-27 22:35 - 00121560 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-11-19 08:43 - 2014-01-04 00:05 - 00000000 ____D E:\Program Files\SUPERAntiSpyware

    ==================== Files in the root of some directories =======

    2013-01-18 09:39 - 2013-01-18 09:39 - 0000268 ___RH () E:\Documents and Settings\All Users\Application Data\Calibrators
    2013-01-18 09:39 - 2013-01-18 09:39 - 0000268 ___RH () E:\Documents and Settings\All Users\Application Data\Carbon
    2013-01-18 09:39 - 2013-01-18 09:39 - 0000268 ___RH () E:\Documents and Settings\All Users\Application Data\Channel
    2013-01-18 09:39 - 2013-01-18 09:39 - 0000020 ____H () E:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
    2013-01-18 09:39 - 2016-08-16 16:21 - 0000020 ____H () E:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
    2013-01-18 09:39 - 2016-08-16 16:21 - 0000020 ____H () E:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    E:\WINDOWS\explorer.exe => File is digitally signed
    E:\WINDOWS\system32\winlogon.exe => File is digitally signed
    E:\WINDOWS\system32\svchost.exe => File is digitally signed
    E:\WINDOWS\system32\services.exe => File is digitally signed
    E:\WINDOWS\system32\User32.dll => File is digitally signed
    E:\WINDOWS\system32\userinit.exe => File is digitally signed
    E:\WINDOWS\system32\rpcss.dll => File is digitally signed
    E:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-12-16 21:41:34
    -----------------------------
    21:41:34.766 OS Version: Windows 5.1.2600 Service Pack 3
    21:41:34.766 Number of processors: 2 586 0x6B02
    21:41:34.766 ComputerName: ROGER-DESKTOP UserName: Roger
    21:41:36.203 Initialize success
    21:41:36.203 VM: initialized successfully
    21:41:36.219 VM: Amd CPU virtualization not supported
    21:41:44.250 AVAST engine defs: 16121601
    21:41:58.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    21:41:58.250 Disk 0 Vendor: TOSHIBA_DT01ACA100 MS2OA750 Size: 953868MB BusType: 3
    21:41:58.250 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
    21:41:58.250 Disk 1 Vendor: ST3500320NS SN06 Size: 476810MB BusType: 3
    21:41:58.360 Disk 0 MBR read successfully
    21:41:58.360 Disk 0 MBR scan
    21:41:58.391 Disk 0 Windows XP default MBR code
    21:41:58.391 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350002 MB offset 63
    21:41:58.422 Disk 0 default boot code
    21:41:58.422 Disk 0 Partition - 00 0F Extended LBA 603857 MB offset 716804235
    21:41:58.532 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 400001 MB offset 716804298
    21:41:58.532 Disk 0 Partition - 00 05 Extended 203856 MB offset 1536006780
    21:41:58.563 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 203856 MB offset 1536006843
    21:41:58.625 Disk 0 scanning sectors +1953504000
    21:41:58.750 Disk 0 scanning E:\WINDOWS\system32\drivers
    21:42:04.594 Service scanning
    21:42:16.735 Modules scanning
    21:42:16.735 Disk 0 trace - called modules:
    21:42:16.766 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS
    21:42:16.766 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa5eab8]
    21:42:16.766 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8aa8b9e0]
    21:42:16.766 5 vsflt53.sys[b9f60c2b] -> nt!IofCallDriver -> \Device\00000071[0x8aaaaf18]
    21:42:16.766 7 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8aa93d98]
    21:42:17.126 AVAST engine scan E:\WINDOWS
    21:42:21.204 AVAST engine scan E:\WINDOWS\system32
    21:44:52.003 AVAST engine scan E:\WINDOWS\system32\drivers
    21:45:12.691 AVAST engine scan E:\Documents and Settings\Roger
    21:49:31.835 Disk 0 MBR has been saved successfully to "E:\Documents and Settings\Roger\Desktop\MBR.dat"
    21:49:31.835 The log file has been saved successfully to "E:\Documents and Settings\Roger\Desktop\aswMBR.txt"

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Can you look and find Addition.txt, copy and paste it in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member
    Join Date
    Sep 2009
    Posts
    93

    Default

    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
    Percentage of memory in use: 49%
    Total physical RAM: 2814.42 MB
    Available physical RAM: 1416.51 MB
    Total Virtual: 4700.93 MB
    Available Virtual: 3418.59 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:341.8 GB) (Free:316.67 GB) NTFS ==>[drive with boot components (Windows XP)]
    Drive d: () (Fixed) (Total:390.63 GB) (Free:339.73 GB) NTFS
    Drive e: () (Fixed) (Total:199.08 GB) (Free:100.85 GB) NTFS
    Drive g: (System) (Fixed) (Total:121.85 GB) (Free:51.59 GB) NTFS ==>[drive with boot components (Windows XP)]
    Drive h: (Data) (Fixed) (Total:148.6 GB) (Free:73.19 GB) NTFS
    Drive i: (Backup) (Fixed) (Total:100 GB) (Free:99.92 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CE18CE18)
    Partition 1: (Active) - (Size=341.8 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=589.7 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 465.6 GB) (Disk ID: 41F041EF)
    Partition 1: (Active) - (Size=121.8 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=148.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=11.7 GB) - (Type=DE)

    ==================== End of Addition.txt ============================

    Sorry, thought this was in the original post.
    Roger

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    That was the end of the one I wanted to see

    End of Addition.txt

    ~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~~


    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    please post

    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Member
    Join Date
    Sep 2009
    Posts
    93

    Default

    Tasks performed as requested. See logs below...
    Thank you!!!
    # AdwCleaner v6.041 - Logfile created 19/12/2016 at 13:46:12
    # Updated on 16/12/2016 by Malwarebytes
    # Database : 2016-12-19.1 [Server]
    # Operating System : Microsoft Windows XP Service Pack 3 (X86)
    # Username : Administrator - ROGER-DESKTOP
    # Running from : E:\Documents and Settings\Roger\Desktop\AdwCleaner.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    Folder Found: E:\Documents and Settings\All Users\Documents\Downloaded Installers
    Folder Found: E:\Program Files\SlimCleaner


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found: HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Classes\ShopAtHomeHelper.CookiesManager
    Key Found: HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Classes\ShopAtHomeHelper.CookiesManager.1
    Key Found: HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Classes\ShopAtHomeHelper.hxxpHandle302
    Key Found: HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
    Key Found: HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Classes\ShopAtHomeHelper.PostUrlWorker
    Key Found: HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
    Key Found: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
    Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
    Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
    Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
    Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
    Key Found: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
    Key Found: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
    Key Found: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
    Key Found: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
    Key Found: HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}
    Key Found: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
    Key Found: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
    Key Found: HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Microsoft\Tinstalls
    Key Found: HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Probit Software
    Key Found: HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\tinydm.com
    Key Found: HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Yahoo\Companion
    Key Found: HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Yahoo\YFriendsBar


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    \AdwCleaner\AdwCleaner[S0].txt - [3416 Bytes] - [19/12/2016 13:46:12]

    ########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3487 Bytes] ##########



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Microsoft Windows XP x86
    Ran by Administrator (Administrator) on Mon 12/19/2016 at 16:15:21.14
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 9

    Failed to delete: E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3R2XZSL6 (Temporary Internet Files Folder)
    Failed to delete: E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\72Q86T6S (Temporary Internet Files Folder)
    Failed to delete: E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G17RQCHB (Temporary Internet Files Folder)
    Failed to delete: E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZYL0NTYJ (Temporary Internet Files Folder)
    Successfully deleted: E:\WINDOWS\wininit.ini (File)
    Successfully deleted: E:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3R2XZSL6 (Temporary Internet Files Folder)
    Successfully deleted: E:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\72Q86T6S (Temporary Internet Files Folder)
    Successfully deleted: E:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G17RQCHB (Temporary Internet Files Folder)
    Successfully deleted: E:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZYL0NTYJ (Temporary Internet Files Folder)



    Registry: 1

    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 12/19/2016 at 16:17:58.28
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Let's run a new scan with Malwarebytes

    Open Malwarebytes
    • On the Dashboard click on Update Now
    • Go to the Settings tab
    • Under Settings go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs, followed by the first Scan Log.
    • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.


    ~~~~~~~~~~~~~~~~

    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
    • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;


    ~~~~~
    please post these 2 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Member
    Join Date
    Sep 2009
    Posts
    93

    Default

    Tasks performed as requested. However the EEK program gave me a message stating that "This Program can not be run on Windows Versions Prior to 7". Perhaps it will work from the command line prompt???

    Log from MalwareBytes is pasted below.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/20/2016
    Scan Time: 12:40:26 PM
    Logfile: MalwareBytes.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.12.20.15
    Rootkit Database: v2016.11.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Roger

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 336795
    Time Elapsed: 30 min, 33 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Tell me how the computer is now.

    Working with Windows XP, many tools have not adapted to that version since it is no longer supported by Microsoft.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Member
    Join Date
    Sep 2009
    Posts
    93

    Default

    It seems OK at the moment, but we need to give it more time, because it sometimes takes a few days for the problem to occur. Did we remove anything that would explain the taskbar's disappearance?

    One resulting problem is that the standard forms in Outlook got corrupted. I don't think Outlook was infected, but I think all of the reboots without properly terminating Outlook caused the message form in the standard forms library to be corrupted. The result is that if you compose a new message it only has a "To" field (no subject and no cc/bcc fields). I tried to let Outlook self-repair, but no help. I can create a custom form and that is a workaround for the problem, but I can't figure out how to update the standard form or even where the form library is stored.

    If I can find the form library, maybe I can delete it and then get Outlook repair to replace it. Do you have any suggestions for the Outlook problem?!?

    Thanks sooo much for all your help!!

    Roger

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    For taskbar
    https://support.microsoft.com/en-us/kb/318027

    Right-Click on the taskbar and select Properties.
    Toggle the 'Auto-Hide the taskbar' checkbox and click Apply.
    If it is now checked, move the cursor to the bottom, right, left, or top of the screen and the taskbar should re-appear.
    Repeat step three to return to your original setting.

    ~~

    For Outlook
    https://support.microsoft.com/en-us/kb/919596
    Scroll down to "Clear the forms cache".
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
