Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Flickering Screen on Chrome Start-up & html script

Chrome Virus code popup

  • Please log in to reply

#1
anthroanne1

anthroanne1

    New Member

  • Member
  • Pip
  • 5 posts

Hello trusty friends! 

Strange thing happened. when I click on my Google Chrome - my Google screen starts flickering, automatically goes to full screen, and keeps flickering until I can manage to put in an url. In addition, if  there is any text input box like a search box for said url - like your site - the screen splits when I type and the html code appears to the right.

 

Here is my FST scan below. 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by HP_Administrator (administrator) on OWNER-HP (29-03-2017 01:22:02)
Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Loaded Profiles: HP_Administrator & Administrator (Available Profiles: HP_Administrator & 
 
Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United 
 
States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: 
 
 
ol/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be 
 
moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
( ) C:\Program Files\FromDocToPDF_65\bar\1.bin\APPINTEGRATOR.EXE
(VER_COMPANY_NAME) C:\Program Files\FromDocToPDF_65\bar\1.bin\65brmon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Hewlett-Packard Company) C:\Program Files\Common 
 
Files\LightScribe\LightScribeControlPanel.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(GameHouse) C:\Program Files\GameHouse Games\aminstantservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files\WinZip System Utilities 
 
Suite\WINZIPSSDefragSrv.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\spider.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or 
 
removed. The file will not be moved.)
 
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft 
 
Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20143688 2013-03-12] (Realtek 
 
Semiconductor Corp.)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe 
 
[87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft 
 
Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 
 
2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [1707080 
 
2016-11-21] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
 
[959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FromDocToPDF Home Page Guard 32 bit] => C:\Program 
 
Files\FromDocToPDF_65\bar\1.bin\AppIntegrator.exe [421448 2014-02-03] ( )
HKLM\...\Run: [FromDocToPDF_65 Browser Plugin Loader] => C:\Program 
 
Files\FromDocToPDF_65\bar\1.bin\65brmon.exe [61512 2014-02-03] (VER_COMPANY_NAME)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 
 
2016-12-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-09-09] (ATI Technologies 
 
Inc.)
HKU\S-1-5-21-583907252-527237240-839522115-1003\...\Run: [LightScribe Control Panel] => 
 
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] 
 
(Hewlett-Packard Company)
HKU\S-1-5-21-583907252-527237240-839522115-1003\...\Run: [MSMSGS] => C:\Program 
 
Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-583907252-527237240-839522115-1003\...\Run: [Messenger (Yahoo!)] => C:\Program 
 
Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 
 
Screen Clipper and Launcher.lnk [2015-05-20]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft 
 
Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or 
 
restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12
Tcpip\..\Interfaces\{48B313EE-5599-4990-9F6D-65190A0F3613}: [DhcpNameServer] 192.168.1.1 
 
71.252.0.12
 
Internet Explorer:
==================
HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet 
 
Explorer\Main,Start Page = 
 
hxxps://mysearch.avg.com?cid={21B8D846-7BA1-4773-8D87-FC1872E85CBC}&mid=e6eaafe6c59947d38318
 
d157caa938a5-c7c7d6b9ba2d48fe1a2e979742a89868954fb053&lang=en&ds=AVG&coid=avgtbavg&cmpid=071
 
5tb&pr=fr&d=2013-06-12 14:07:55&v=19.6.0.592&pid=safeguard&sg=0&sap=hp
HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet 
 
Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-583907252-527237240-839522115-1003 - (No Name) - 
 
{4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program 
 
Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
URLSearchHook: HKU\S-1-5-21-583907252-527237240-839522115-1003 - YTNavAssistPlugin Class - 
 
{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program 
 
Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
URLSearchHook: [S-1-5-21-583907252-527237240-839522115-500] ATTENTION => Default 
 
URLSearchHook is missing
SearchScopes: HKLM -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = 
 
hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S08555^us&si=CKD7sYuWsbwCFZN9Ogod
 
lyAA3g&ptb=C182BA99-F555-41EC-9C27-CE14C2EEF4B5&ind=2014020319&n=780b82df&psa=&st=sb&searchf
 
or={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-527237240-839522115-1003 -> DefaultScope 
 
{95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
 
hxxps://mysearch.avg.com/search?cid={21B8D846-7BA1-4773-8D87-FC1872E85CBC}&mid=e6eaafe6c5994
 
7d38318d157caa938a5-c7c7d6b9ba2d48fe1a2e979742a89868954fb053&lang=en&ds=AVG&coid=avgtbavg&cm
 
pid=0415tb&pr=fr&d=2013-06-12 
 
14:07:55&v=19.6.0.592&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-527237240-839522115-1003 -> 
 
{95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
 
hxxps://mysearch.avg.com/search?cid={21B8D846-7BA1-4773-8D87-FC1872E85CBC}&mid=e6eaafe6c5994
 
7d38318d157caa938a5-c7c7d6b9ba2d48fe1a2e979742a89868954fb053&lang=en&ds=AVG&coid=avgtbavg&cm
 
pid=0415tb&pr=fr&d=2013-06-12 
 
14:07:55&v=19.6.0.592&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-527237240-839522115-1003 -> 
 
{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = 
 
hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S08555^us&si=CKD7sYuWsbwCFZN9Ogod
 
lyAA3g&ptb=C182BA99-F555-41EC-9C27-CE14C2EEF4B5&ind=2014020319&n=780b82df&psa=&st=sb&searchf
 
or={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program 
 
Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2014-09-18] (Yahoo! Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program 
 
Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft 
 
Corporation)
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG 
 
SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-11-21] (AVG Secure 
 
Search)
BHO: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program 
 
Files\FromDocToPDF_65\bar\1.bin\65bar.dll [2014-02-03] (Mindspark)
BHO: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program 
 
Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll [2014-02-03] (Mindspark)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program 
 
Files\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-11-21] (AVG 
 
Secure Search)
Toolbar: HKLM - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program 
 
Files\FromDocToPDF_65\bar\1.bin\65bar.dll [2014-02-03] (Mindspark)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program 
 
Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2014-09-18] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-583907252-527237240-839522115-1003 -> No Name - 
 
{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-583907252-527237240-839522115-1003 -> FromDocToPDF - 
 
{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - C:\Program 
 
Files\FromDocToPDF_65\bar\1.bin\65bar.dll [2014-02-03] (Mindspark)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} 
 
hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?13913
 
09566489
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} 
 
hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} 
 
hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.
 
0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program 
 
Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft 
 
Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common 
 
Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-11-21] (AVG Secure 
 
Search)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - 
 
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation 
 
Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - 
 
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation 
 
Foundation\DotNetAssistantExtension [2013-05-30] [not signed]
FF Plugin: @avg.com/AVG SiteSafety 
 
plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common 
 
Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin: @FromDocToPDF_65.com/Plugin -> C:\Program 
 
Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll [No File]
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program 
 
Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows 
 
Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program 
 
Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program 
 
Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll 
 
[2014-08-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Application 
 
Data\Google\Chrome\User Data\Default [2017-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and 
 
Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User 
 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-26]
CHR 
 
HKU\S-1-5-21-583907252-527237240-839522115-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome
 
\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - 
 
hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will 
 
not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI 
 
Corporation)
R2 AMInstantService; C:\Program Files\GameHouse Games\aminstantservice.exe [2041776 
 
2016-10-26] (GameHouse)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-02-22] (AVG 
 
Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG 
 
Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-02-22] (AVG Technologies CZ, 
 
s.r.o.)
S2 FromDocToPDF_65Service; C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe [88648 
 
2014-02-03] (COMPANYVERS_NAME)
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121600 
 
2013-04-05] (Intel Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 
 
2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not 
 
signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not 
 
signed]
R2 WINZIPSSDiskOptimizer; C:\Program Files\WinZip System Utilities 
 
Suite\WINZIPSSDefragSrv.exe [267384 2014-07-23] (WinZip Computing, S.L. (WinZip Computing))
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will 
 
not be moved unless listed separately.)
 
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies 
 
CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2017-02-20] (AVG 
 
Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies 
 
CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG 
 
Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies 
 
CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies 
 
CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies 
 
CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies 
 
CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies 
 
CZ, s.r.o.)
R0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies 
 
CZ, s.r.o.)
S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom 
 
Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft 
 
Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File 
 
not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R2 CX23880; C:\WINDOWS\System32\drivers\cx88vid.sys [160256 2004-10-13] (Conexant Systems, 
 
Inc.) [File not signed]
R2 CX88ENC; C:\WINDOWS\System32\drivers\cx88enc.sys [297344 2004-10-13] (Conexant Systems, 
 
Inc.) [File not signed]
R3 CXAVXBAR; C:\WINDOWS\System32\drivers\cxavxbar.sys [9472 2004-10-13] (Conexant Systems, 
 
Inc.) [File not signed]
R2 CXTUNE; C:\WINDOWS\System32\drivers\CX88TUNE.sys [31616 2004-10-13] (Conexant Systems, 
 
Inc.) [File not signed]
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-15] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-15] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-15] (HP)
R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) 
 
[File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft 
 
Corporation)
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will 
 
not be moved unless listed separately.)
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-29 01:21 - 2017-03-29 01:22 - 00000000 ____D C:\FRST
2017-03-27 02:12 - 2017-03-27 02:12 - 00000000 __SHD C:\Documents and 
 
Settings\Administrator\IETldCache
2017-03-27 02:11 - 2017-03-27 02:18 - 00000178 ___SH C:\Documents and 
 
Settings\Administrator\ntuser.ini
2017-03-27 02:11 - 2017-03-27 02:12 - 00000000 ____D C:\Documents and Settings\Administrator
2017-03-27 02:11 - 2014-02-03 04:03 - 00000000 ____D C:\Documents and 
 
Settings\Administrator\Local Settings\Application Data\Microsoft Help
2017-03-27 02:11 - 2013-07-25 08:59 - 00000000 ____D C:\Documents and 
 
Settings\Administrator\Application Data\TuneUp Software
2017-03-27 02:11 - 2013-05-30 11:15 - 00001599 _____ C:\Documents and 
 
Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2017-03-27 02:11 - 2013-05-30 11:15 - 00000792 _____ C:\Documents and 
 
Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2017-03-27 02:11 - 2013-05-30 06:38 - 00000000 ____D C:\Documents and 
 
Settings\Administrator\My Documents
2017-03-27 02:11 - 2013-05-30 06:38 - 00000000 ____D C:\Documents and 
 
Settings\Administrator\Local Settings\Temp
2017-03-27 01:32 - 2017-03-27 01:38 - 00000666 _____ C:\Documents and 
 
Settings\HP_Administrator\Desktop\avgrep.txt
2017-03-27 01:04 - 2017-03-28 00:18 - 00126430 _____ C:\WINDOWS\ntbtlog.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-29 01:22 - 2013-05-30 11:23 - 00000000 ____D C:\Documents and 
 
Settings\HP_Administrator\Local Settings\Temp
2017-03-29 01:11 - 2013-06-12 14:05 - 00000000 ____D C:\Documents and Settings\All 
 
Users\Application Data\MFAData
2017-03-29 00:53 - 2014-02-19 22:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player 
 
Updater.job
2017-03-29 00:47 - 2014-10-28 21:37 - 00000886 _____ 
 
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-03-28 17:47 - 2014-10-28 21:37 - 00000882 _____ 
 
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-03-28 11:53 - 2013-05-30 11:19 - 00032558 _____ C:\WINDOWS\SchedLgU.Txt
2017-03-28 00:33 - 2016-09-20 08:04 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-03-28 00:25 - 2013-05-30 06:38 - 00577068 _____ 
 
C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-28 00:21 - 2013-05-30 14:57 - 00003668 _____ C:\WINDOWS\ModemLog_LSI PCI Soft 
 
Modem.txt
2017-03-28 00:21 - 2013-05-30 11:12 - 00000000 ____D C:\WINDOWS\Registration
2017-03-28 00:19 - 2014-04-03 17:16 - 00000244 _____ C:\WINDOWS\Tasks\Microsoft Windows XP 
 
End of Service Notification Logon.job
2017-03-28 00:19 - 2013-05-30 11:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-28 00:18 - 2013-05-30 11:23 - 00000178 ___SH C:\Documents and 
 
Settings\HP_Administrator\ntuser.ini
2017-03-27 02:11 - 2013-05-30 06:37 - 00000000 ____D C:\Documents and Settings
2017-03-26 23:10 - 2014-09-27 08:36 - 00000470 _____ 
 
C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSOneClickCare.job
2017-03-26 23:10 - 2004-08-10 07:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2017-03-26 22:27 - 2014-09-27 08:36 - 00000508 _____ 
 
C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
2017-03-26 08:41 - 2013-05-30 06:30 - 00000000 ___HD C:\WINDOWS\inf
2017-03-19 23:41 - 2013-05-30 11:23 - 00000000 ___RD C:\Documents and 
 
Settings\HP_Administrator\My Documents
2017-03-16 03:06 - 2013-05-31 12:40 - 00000000 ____D C:\Documents and Settings\All 
 
Users\Application Data\Microsoft Help
2017-03-15 16:16 - 2013-05-31 12:43 - 00002515 _____ C:\Documents and 
 
Settings\HP_Administrator\Desktop\Microsoft Office Word 2007.lnk
2017-03-15 07:49 - 2014-03-31 08:18 - 00000000 ____D C:\Documents and Settings\All 
 
Users\Start Menu\Programs\AVG
2017-03-08 16:00 - 2014-04-03 17:16 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP 
 
End of Service Notification Monthly.job
 
==================== Files in the root of some directories =======
 
2014-01-30 01:25 - 2014-09-30 08:44 - 0000187 _____ () C:\Documents and 
 
Settings\HP_Administrator\Application Data\default.rss
2014-09-30 09:11 - 2014-09-30 09:11 - 0000139 _____ () C:\Documents and 
 
Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2013-10-28 01:59 - 2014-12-06 21:25 - 0001082 _____ () C:\Documents and Settings\All 
 
Users\Application Data\hpzinstall.log
 
Some files in TEMP:
====================
2016-04-07 20:41 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) 
 
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081210861884.exe
2016-07-27 03:35 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) 
 
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08146607745.exe
2016-04-18 16:03 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) 
 
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081531248969.exe
2016-05-13 17:51 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) 
 
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081777684093.exe
2016-06-24 02:03 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) 
 
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_082121049372.exe
2016-05-31 10:46 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) 
 
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08301816953.exe
2016-01-05 11:03 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) 
 
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08704003961.exe
2016-08-22 04:30 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) 
 
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08821063848.exe
2016-03-06 19:06 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) 
 
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08930022315.exe
2016-01-15 19:12 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) 
 
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08931435874.exe
2013-06-12 14:07 - 2013-06-12 14:07 - 3238936 _____ (AVG Secure Search) C:\Documents and 
 
Settings\HP_Administrator\Local Settings\Temp\oi_{78F0BD64-537B-4208-9699-A919E2635BA9}.exe
2013-05-31 12:39 - 2006-10-27 23:14 - 0145184 _____ (Microsoft Corporation) C:\Documents and 
 
Settings\HP_Administrator\Local Settings\Temp\ose00000.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
and additional scan below;
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by HP_Administrator (29-03-2017 01:22:49)
Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-05-30 15:18:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-583907252-527237240-839522115-500 - Administrator - Enabled) => 
 
%SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-583907252-527237240-839522115-1004 - Limited - Enabled)
Guest (S-1-5-21-583907252-527237240-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-583907252-527237240-839522115-1000 - Limited - Disabled)
HP_Administrator (S-1-5-21-583907252-527237240-839522115-1003 - Administrator - Enabled) => 
 
%SystemDrive%\Documents and Settings\HP_Administrator
SUPPORT_388945a0 (S-1-5-21-583907252-527237240-839522115-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. 
 
The adware programs should be uninstalled manually.)
 
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - 
 
Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 
 
11.0.08 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AiO_Scan (Version: 50.0.227.000 - Hewlett-Packard) Hidden
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.06-040909a-018560C-HP - )
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG (Version: 16.151.8007 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4769 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8007 - AVG Technologies)
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 19.6.0.592 - AVG 
 
Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) 
 
(Version: 10.0.2312.02 - CyberLink Corp.)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
FromDocToPDF Internet Explorer Toolbar (HKLM\...\FromDocToPDF_65bar Uninstall Internet 
 
Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
GameHouse Games (HKLM\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 
 
- HP)
HP PSC & OfficeJet 4.7 (HKLM\...\{5469D537-9B44-4c78-BF2D-5F9807564F74}) (Version:  - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}) (Version:  - HP)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Network Connections 18.3.62.0 (HKLM\...\{FCF3ECF7-7AE0-4E26-B387-09A3A80B79CC}) 
 
(Version: 18.3.62.0 - Intel)
Levels 1, 2 & 3 Latin American Spanish 5-User Edition 
 
(HKLM\...\{3B647532-F01A-458B-87F6-06B046D657CB}) (Version: 1.1.16 - TOPICS Entertainment)
LightScribe System Software (HKLM\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 
 
1.18.18.1 - LightScribe)
LSI PCI Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Menu Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft 
 
Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - 
 
Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - 
 
Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - 
 
Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 
 
(HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft 
 
Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 
 
(HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft 
 
Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - 
 
Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client 
 
Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) 
 
(Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - 
 
Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) 
 
(HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A
 
2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft 
 
Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) 
 
(Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - 
 
Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) 
 
(Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 
 
(HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft 
 
Corporation)
Movie Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 
 
4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 
 
4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{97a9b6eb-4f13-4bdc-8600-cb49736aff2d}) (Version:  - Nero AG)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) 
 
(Version: 5.10.0.6873 - Realtek Semiconductor Corp.)
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) 
 
(Version: 4.5.13.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) 
 
(HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA6
 
8E92D}) (Version:  - Microsoft)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - 
 
Microsoft Corporation)
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) 
 
(Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - 
 
Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - 
 
Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft 
 
Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft 
 
Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft 
 
Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft 
 
Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft 
 
Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft 
 
Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - 
 
Microsoft Corporation)
WinZip System Utilities Suite (HKLM\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1) 
 
(Version: 2.5.1000.15714 - WinZip Computing, S.L. (WinZip Computing))
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will 
 
not be moved unless listed separately.)
 
CustomCLSID: 
 
HKU\S-1-5-21-583907252-527237240-839522115-1003_Classes\CLSID\{4c60e5ab-5c68-4c59-abaa-88501
 
0b24b32}\InprocServer32 -> C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll 
 
(Mindspark)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which 
 
is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => 
 
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup AVG Technologies  
 
 ጃ  0 ߡ    !           0ߡ    !           
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program 
 
Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program 
 
Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => 
 
C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => 
 
C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job => C:\Program Files\WinZip 
 
System Utilities Suite\WINZIPSSCheckUpdate.exe
Task: C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSOneClickCare.job => C:\Program Files\WinZip System 
 
Utilities Suite\WINZIPSS.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Documents and Settings\HP_Administrator\NetHood\My Web Sites on MSN\target.lnk 
 
-> hxxp://www.msnusers.co
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-21 23:28 - 2016-11-21 23:28 - 01707080 _____ () C:\Program Files\AVG SafeGuard 
 
toolbar\vprot.exe
2010-08-16 13:21 - 2010-08-16 13:21 - 02121728 _____ () C:\Program Files\Common 
 
Files\LightScribe\QtCore4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 07745536 _____ () C:\Program Files\Common 
 
Files\LightScribe\QtGui4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 00135168 _____ () C:\Program Files\Common 
 
Files\LightScribe\plugins\imageformats\qjpeg4.dll
2016-11-28 15:56 - 2016-11-28 15:56 - 48920064 _____ () C:\Program 
 
Files\AVG\UiDll\2623\libcef.dll
2004-08-10 07:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 07:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 07:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2004-08-10 07:00 - 2005-08-05 13:06 - 00165376 _____ () C:\WINDOWS\system32\mpg2splt.ax
2004-08-10 07:00 - 2005-08-05 14:01 - 00159744 _____ () C:\WINDOWS\system32\VBICodec.ax
2004-08-10 07:00 - 2011-10-14 17:38 - 00456192 _____ () C:\WINDOWS\system32\encdec.dll
2014-10-02 09:05 - 2012-05-25 04:25 - 00921600 _____ () C:\Program 
 
Files\Yahoo!\Messenger\yui.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The 
 
"AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or 
 
removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-10 07:00 - 2004-08-10 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-583907252-527237240-839522115-1003\Control Panel\Desktop\\Wallpaper -> 
 
C:\Documents and Settings\HP_Administrator\Local Settings\Application 
 
Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-583907252-527237240-839522115-500\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 192.168.1.1 - 71.252.0.12
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will 
 
not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] 
 
=> Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program 
 
Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft 
 
Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft 
 
Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft 
 
Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => 
 
Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Common\HPDeviceDetection3.exe] 
 
=> Enabled:HP Device Detection
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Local 
 
Settings\Temp\7zS4085\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => 
 
Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a 
 
DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => 
 
Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => 
 
Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program 
 
Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program 
 
Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: 
 
[C:\temp\usbvid_03f0&pid_4211&mi_00\setup\HPZnet01.exe] => Enabled:hpznet01.exe
StandardProfile\AuthorizedApplications: 
 
[C:\temp\usbvid_03f0&pid_4211&mi_00\setup\hponicifs01.exe] => Enabled:hponicifs01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital 
 
Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital 
 
Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => 
 
Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => 
 
Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => 
 
Enabled:Personal Email Scanner
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
==================== Restore Points =========================
 
29-12-2016 12:36:54 System Checkpoint
30-12-2016 13:36:41 System Checkpoint
31-12-2016 14:35:59 System Checkpoint
01-01-2017 14:36:10 System Checkpoint
02-01-2017 15:35:17 System Checkpoint
03-01-2017 16:35:10 System Checkpoint
05-01-2017 00:01:07 System Checkpoint
06-01-2017 02:38:31 System Checkpoint
07-01-2017 03:32:51 System Checkpoint
08-01-2017 05:27:05 System Checkpoint
09-01-2017 06:26:39 System Checkpoint
10-01-2017 06:27:04 System Checkpoint
11-01-2017 07:26:56 System Checkpoint
12-01-2017 08:24:31 System Checkpoint
13-01-2017 09:22:59 System Checkpoint
14-01-2017 10:21:46 System Checkpoint
15-01-2017 11:20:15 System Checkpoint
16-01-2017 12:18:07 System Checkpoint
17-01-2017 12:19:05 System Checkpoint
18-01-2017 12:19:12 System Checkpoint
19-01-2017 13:19:10 System Checkpoint
20-01-2017 14:19:09 System Checkpoint
21-01-2017 14:19:12 System Checkpoint
22-01-2017 15:19:12 System Checkpoint
23-01-2017 16:19:12 System Checkpoint
24-01-2017 17:06:18 System Checkpoint
25-01-2017 17:19:12 System Checkpoint
26-01-2017 18:19:12 System Checkpoint
27-01-2017 19:19:16 System Checkpoint
28-01-2017 19:43:15 System Checkpoint
29-01-2017 20:19:13 System Checkpoint
30-01-2017 21:19:13 System Checkpoint
31-01-2017 22:19:16 System Checkpoint
01-02-2017 23:55:16 System Checkpoint
03-02-2017 01:38:03 System Checkpoint
04-02-2017 04:07:46 System Checkpoint
05-02-2017 05:36:34 System Checkpoint
06-02-2017 06:19:17 System Checkpoint
07-02-2017 07:19:15 System Checkpoint
08-02-2017 08:19:15 System Checkpoint
10-02-2017 03:43:14 System Checkpoint
11-02-2017 03:55:16 System Checkpoint
12-02-2017 04:00:54 System Checkpoint
13-02-2017 04:50:45 System Checkpoint
14-02-2017 05:50:18 System Checkpoint
15-02-2017 05:50:29 System Checkpoint
16-02-2017 06:50:25 System Checkpoint
17-02-2017 07:50:20 System Checkpoint
18-02-2017 08:48:27 System Checkpoint
19-02-2017 09:47:19 System Checkpoint
20-02-2017 10:43:33 System Checkpoint
21-02-2017 11:36:40 System Checkpoint
22-02-2017 12:34:57 System Checkpoint
23-02-2017 12:36:00 System Checkpoint
24-02-2017 13:29:57 System Checkpoint
25-02-2017 14:29:33 System Checkpoint
26-02-2017 15:05:07 System Checkpoint
27-02-2017 15:21:05 System Checkpoint
28-02-2017 16:20:08 System Checkpoint
01-03-2017 16:20:32 System Checkpoint
02-03-2017 16:21:04 System Checkpoint
03-03-2017 16:21:07 System Checkpoint
04-03-2017 17:21:06 System Checkpoint
05-03-2017 18:21:06 System Checkpoint
06-03-2017 19:07:44 System Checkpoint
07-03-2017 19:57:38 System Checkpoint
08-03-2017 20:53:52 System Checkpoint
09-03-2017 21:29:13 System Checkpoint
10-03-2017 22:16:49 System Checkpoint
11-03-2017 23:09:57 System Checkpoint
12-03-2017 23:51:22 System Checkpoint
14-03-2017 00:16:43 System Checkpoint
15-03-2017 01:16:26 System Checkpoint
16-03-2017 02:34:48 System Checkpoint
16-03-2017 03:00:50 Software Distribution Service 3.0
17-03-2017 03:08:17 System Checkpoint
18-03-2017 04:07:56 System Checkpoint
19-03-2017 05:07:55 System Checkpoint
20-03-2017 06:07:40 System Checkpoint
21-03-2017 07:07:24 System Checkpoint
22-03-2017 08:03:11 System Checkpoint
23-03-2017 09:00:36 System Checkpoint
24-03-2017 09:13:15 System Checkpoint
25-03-2017 09:39:06 System Checkpoint
26-03-2017 09:47:30 System Checkpoint
28-03-2017 00:56:52 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/24/2017 03:03:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 49.0.2623.112, hang module hungapp, 
 
version 0.0.0.0, hang address 0x00000000.
 
Error: (12/14/2016 12:50:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application island2.exe, version 0.0.0.0, faulting module island2.exe, 
 
version 0.0.0.0, fault address 0x0002458c.
Processing media-specific event for [island2.exe!ws!]
 
Error: (12/06/2016 01:02:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application game_atlantis_win.exe, version 0.0.0.0, faulting module 
 
game_atlantis_win.exe, version 0.0.0.0, fault address 0x0006d3c1.
Processing media-specific event for [game_atlantis_win.exe!ws!]
 
Error: (10/15/2016 10:32:49 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: 
 
 
ab> with error: A required certificate is not within its validity period when verifying 
 
against the current system clock or the timestamp in the signed file.
 
Error: (10/15/2016 10:32:48 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: 
 
 
ab> with error: A required certificate is not within its validity period when verifying 
 
against the current system clock or the timestamp in the signed file.
 
Error: (08/11/2016 02:27:37 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: 
 
 
xt> with error: The specified server cannot perform the requested operation.
 
Error: (08/11/2016 02:27:37 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: 
 
 
xt> with error: The specified server cannot perform the requested operation.
 
Error: (08/11/2016 02:27:31 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: 
 
 
xt> with error: This operation returned because the timeout period expired.
 
Error: (08/11/2016 07:52:51 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: 
 
 
xt> with error: The specified server cannot perform the requested operation.
 
Error: (08/11/2016 07:52:51 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: 
 
 
xt> with error: The specified server cannot perform the requested operation.
 
 
System errors:
=============
Error: (03/29/2017 01:10:53 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
 
Error: (03/29/2017 01:10:53 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
 
Error: (03/28/2017 12:38:46 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.6 for the Network Card with network address 
 
001E8C4DD156 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
 
Error: (03/28/2017 12:21:06 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/28/2017 12:21:06 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/28/2017 12:18:17 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" 
 
attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (03/27/2017 02:18:39 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" 
 
attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (03/27/2017 02:18:38 AM) (Source: DCOM) (EventID: 10005) (User: OWNER-HP)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" 
 
attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error: (03/27/2017 02:18:12 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" 
 
attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (03/27/2017 02:17:18 AM) (Source: DCOM) (EventID: 10005) (User: OWNER-HP)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" 
 
attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD3-2166-11D1-B1D0-00805FC1270E}
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 3.20GHz
Percentage of memory in use: 67%
Total physical RAM: 2046.39 MB
Available physical RAM: 665.89 MB
Total Virtual: 3937.77 MB
Available Virtual: 2986.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.75 GB) (Free:383.14 GB) NTFS ==>[drive with boot components 
 
(Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 5FE34B69)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Next

Please download adwCleaner to your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next
  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

    Next
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

    In your next reply post;
  • The AdwCleaner [C1].txt Log
  • The JRT.txt Log
  • Malwarebytes log

  • 0

#3
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
This topic has been re-opened due to user request,
  • 0

#4
anthroanne1

anthroanne1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Hi Zep, 

Here are the following logs you requested. 

Adwcleaner c1 - these are the items deleted 

# AdwCleaner v6.046 - Logfile created 29/04/2017 at 01:12:24
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-24.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : HP_Administrator - OWNER-HP
# Running from : C:\Documents and Settings\HP_Administrator\My Documents\Downloads\adwcleaner_6.046 (1).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: FromDocToPDF_65Service
[!] Service not deleted: YahooAUService
[!] Service not deleted: yahooauservice
 
 
***** [ Folders ] *****
 
[#] Folder deleted on reboot: C:\Program Files\FromDocToPDF_65
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Avg_Update_0215tb
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Avg_Update_0814tb
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Avg_Update_1114tb
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Avg_Update_1214tb
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[-] Folder deleted: C:\Program Files\AVG SafeGuard toolbar
[-] Folder deleted: C:\Program Files\AVG Security Toolbar
[-] Folder deleted: C:\Program Files\Yahoo!\Companion
[#] Folder deleted on reboot: C:\Program Files\FromDocToPDF_65
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Program Files\Yahoo!\Common\unyt.exe
[-] File deleted: C:\WINDOWS\system32\roboot.exe
[-] File deleted: C:\WINDOWS\system32\sasnative32.exe
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\FromDocToPDF_65Service
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\fromdoctopdf_65service
[-] Key deleted: HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\FromDocToPDF_65
[#] Key deleted on reboot: HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\FromDocToPDF_65_is1
[#] Key deleted on reboot: HKCU\Software\FromDocToPDF_65
[#] Key deleted on reboot: HKCU\Software\FromDocToPDF_65_is1
[-] Key deleted: HKLM\SOFTWARE\FromDocToPDF_65
[#] Key deleted on reboot: HKLM\SOFTWARE\FromDocToPDF_65_is1
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
[-] Key deleted: HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF Home Page Guard 32 bit]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF_65 Browser Plugin Loader]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36b445bf-1b84-466a-a623-a360a8cff8c3}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6cbf5c01-c876-481b-867e-111cb1d2a7d6}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701f5c41-bb30-46da-a56b-68784b0b762b}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a3b975a0-f679-444e-9d94-6d292fa53140}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e1035f55-4c0c-4efc-9aae-38f421fce726}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.FromDocToPDF_65.MultipleButton
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.FromDocToPDF_65.MultipleButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.FromDocToPDF_65.ThirdPartyInstaller
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.FromDocToPDF_65.ThirdPartyInstaller.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.FromDocToPDF_65.ScriptButton
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.FromDocToPDF_65.ScriptButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3e6260ac-bc6f-44b4-942b-1568c367543a}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{3e6260ac-bc6f-44b4-942b-1568c367543a}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4ffa72ec-9fd9-4b2b-92a5-68b60885fd8a}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{4ffa72ec-9fd9-4b2b-92a5-68b60885fd8a}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{504b4aa9-9952-4490-b0e1-80a5321c35f7}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{504b4aa9-9952-4490-b0e1-80a5321c35f7}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.FromDocToPDF_65.RadioSettings
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.FromDocToPDF_65.RadioSettings.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{72d05120-df65-4c27-921e-899b5267fef2}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{72d05120-df65-4c27-921e-899b5267fef2}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.FromDocToPDF_65.ToolbarProtector
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.FromDocToPDF_65.ToolbarProtector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{afa196f4-80e5-47ad-b7bc-c671487d36fb}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{afa196f4-80e5-47ad-b7bc-c671487d36fb}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{b7fd68f7-d28b-431e-9ee8-e45d915b7f17}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{b7fd68f7-d28b-431e-9ee8-e45d915b7f17}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.FromDocToPDF_65.Radio
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.FromDocToPDF_65.Radio.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.FromDocToPDF_65.SettingsPlugin
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.FromDocToPDF_65.SettingsPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.FromDocToPDF_65.PseudoTransparentPlugin
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.FromDocToPDF_65.PseudoTransparentPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.FromDocToPDF_65.FeedManager
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.FromDocToPDF_65.FeedManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.FromDocToPDF_65.HTMLPanel
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.FromDocToPDF_65.HTMLPanel.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.FromDocToPDF_65.HTMLMenu
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.FromDocToPDF_65.HTMLMenu.1
[#] Key deleted on reboot: {4c60e5ab-5c68-4c59-abaa-885010b24b32}
[#] Key deleted on reboot: {1747AE4D-0A83-4336-84D4-48500BF1554F}
[#] Key deleted on reboot: {2C9D27D8-C81E-4968-8026-E725E01650C1}
[#] Key deleted on reboot: {3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}
[#] Key deleted on reboot: {3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}
[#] Key deleted on reboot: {4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}
[#] Key deleted on reboot: {6191571E-F7EE-47C3-B229-2DFAC70DB5D2}
[#] Key deleted on reboot: {74C02D12-FAEE-4834-80D2-5B7D2480AD61}
[#] Key deleted on reboot: {840AE8AE-D547-433E-985C-6BF6C74F5084}
[#] Key deleted on reboot: {A85ACA7E-5CD2-461B-877A-994CCCCF491C}
[#] Key deleted on reboot: {BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}
[#] Key deleted on reboot: {E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{1EF6208B-483A-48F6-B9E5-9B6C54200F8C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{37E2C8D2-3EF0-46D4-AD11-A8DA53942034}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{463A3C2B-3B87-4FAD-A9A6-CD1B93ED836C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4AD8E6E4-3DFE-458D-845D-55F516C7C3B0}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{62D88F68-AC05-4FBF-AC16-E76B3B7B6531}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6467B28C-D408-4066-8B26-056335875D3D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{777CEBBF-A763-42BE-ABBF-FF264689666B}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{87509D74-1F24-4B10-A14E-0AACF713CE14}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9CB19259-5D60-49A7-8AF7-2B7CAF36C124}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9FD6C2C1-C847-410A-995A-AEE5F27F0674}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A1F3E70D-04BA-47FB-ACCA-CC8FCFA74D41}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A7C6FA4E-F2A1-4D4B-90CB-2757143E7AAB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A9141680-DC75-4DD7-B86D-9CC2A83DCB9B}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C7879E06-4C3F-4061-B619-7CFD072E4F26}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{CF9608AD-4ECF-4A16-B122-B374299DE7B5}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DAAD8A57-6BD6-48D0-9034-093AD607C39A}
[-] Key deleted: HKLM\SOFTWARE\Classes\ASO3_JUMP_LIST
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\SecureShell.WINZIPSSSecureShellExt
[-] Key deleted: HKLM\SOFTWARE\Classes\SecureShell.WINZIPSSSecureShellExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F236CA79-3123-4AFB-9F74-E98117AD5625}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F236CA79-3123-4AFB-9F74-E98117AD5625}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F236CA79-3123-4AFB-9F74-E98117AD5625}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
[-] Key deleted: HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key deleted: HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\AVG Security Toolbar
[-] Key deleted: HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[-] Key deleted: HKLM\SOFTWARE\AVG Security Toolbar
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
[-] Data restored: HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Key deleted: HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [30570 Bytes] - [29/04/2017 01:12:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [28503 Bytes] - [29/04/2017 01:04:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [30718 Bytes] ##########
 
JRT LOG
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Microsoft Windows XP x86 
Ran by HP_Administrator (Administrator) on Sat 04/29/2017 at  1:26:52.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 27 
 
Successfully deleted: C:\Documents and Settings\HP_Administrator\Application Data\alawarentertainment (Folder) 
Successfully deleted: C:\Documents and Settings\HP_Administrator\Application Data\avg safeguard toolbar (Folder) 
Successfully deleted: C:\Documents and Settings\HP_Administrator\Application Data\fromdoctopdf_65 (Folder) 
Successfully deleted: C:\Documents and Settings\HP_Administrator\Application Data\iwin (Folder) 
Successfully deleted: C:\Documents and Settings\HP_Administrator\Application Data\visi_coupon (Folder) 
Successfully deleted: C:\Documents and Settings\HP_Administrator\Application Data\yahoocouponaddon (Folder) 
Successfully deleted: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\avg safeguard toolbar (Folder) 
Successfully deleted: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\iac (Folder) 
Successfully deleted: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\visi_coupon (Folder) 
Successfully deleted: C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSOneClickCare.job (Task) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2FQDIBQ7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8T0JW1YL (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C2OOQUT7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CBWFW9UR (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EF8P0RAB (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JAHFQBKI (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODE92V0R (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U5RY5VT0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Program Files\fromdoctopdf_65 (Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2FQDIBQ7 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8T0JW1YL (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C2OOQUT7 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CBWFW9UR (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EF8P0RAB (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JAHFQBKI (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ODE92V0R (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U5RY5VT0 (Temporary Internet Files Folder) 
 
 
 
Registry: 4 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\YahooAUService (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/29/2017 at  1:30:37.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes log
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/29/17
Scan Time: 1:37 AM
Logfile: malwarebytescanlog.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1834
License: Trial
 
-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: OWNER-HP\HP_Administrator
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276101
Time Elapsed: 25 min, 2 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 2
PUP.Optional.MindSpark, HKU\S-1-5-21-583907252-527237240-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4C60E5AB-5C68-4C59-ABAA-885010B24B32}, Quarantined, [267], [170062],1.0.1834
PUP.Optional.MindSpark, HKU\S-1-5-21-583907252-527237240-839522115-1003_Classes\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}, Quarantined, [267], [170062],1.0.1834
 
Registry Value: 3
PUP.Optional.MindSpark, HKU\S-1-5-21-583907252-527237240-839522115-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{4C60E5AB-5C68-4C59-ABAA-885010B24B32}, Quarantined, [267], [170062],1.0.1834
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\CLASSES\.DOC\OPENWITHPROGIDS|ASO3_JUMP_LIST, Quarantined, [273], [327153],1.0.1834
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\CLASSES\.TXT\OPENWITHPROGIDS|ASO3_JUMP_LIST, Quarantined, [273], [327154],1.0.1834
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 3
PUP.Optional.AdvancedSystemProtector, C:\PROGRAM FILES\WINZIP SYSTEM UTILITIES SUITE\SCANDLL.DLL, Quarantined, [273], [326828],1.0.1834
PUP.Optional.BundleInstaller, C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\MY DOCUMENTS\DOWNLOADS\ANDY_46.16_66.EXE, Quarantined, [25], [377906],1.0.1834
PUP.Optional.WinZipSystemProtector, C:\PROGRAM FILES\WINZIP SYSTEM UTILITIES SUITE\WINZIPSSSYSTEMPROTECTOR.EXE, Quarantined, [8835], [111774],1.0.1834
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 

  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Any changes in operation ?

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#6
anthroanne1

anthroanne1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Start up still continues to be slow and my desktop icons flicker (that is they are on desktop and then disappear for two-three seconds and reappear). 

Also it was slow to pull up Farbar. At the beginning of the scan it was running very slowly as if the scan had been paused for a couple of seconds. I pulled up the task manager to see if there were other programs taking up the CPU. At various times avgs.exe was running as well as MBAMserve. It did seem to start up faster than before though. I noticed before that I would have a lot of CPU memory used by files such as avgui.exe , ehrec.exe, aswidsagent.exe previously.

I can tell you that I was able to restart without difficulty. Before we did these fixes I had to manually hit the power button - restart would hang before. 

Here are the files.

2017-04-02 05:51 - 2013-05-30 06:30 - 00000000 ___HD C:\WINDOWS\inf
2017-04-02 05:46 - 2013-05-30 06:38 - 08147109 _____ C:\WINDOWS\setupapi.log.0.old
2017-04-02 05:44 - 2013-06-12 14:07 - 00000000 ____D C:\Program Files\AVG
 
==================== Files in the root of some directories =======
 
2014-01-30 01:25 - 2014-09-30 08:44 - 0000187 _____ () C:\Documents and Settings\HP_Administrator\Application Data\default.rss
2014-09-30 09:11 - 2014-09-30 09:11 - 0000139 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2013-10-28 01:59 - 2014-12-06 21:25 - 0001082 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
 
Some files in TEMP:
====================
2016-04-07 20:41 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081210861884.exe
2016-07-27 03:35 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08146607745.exe
2016-04-18 16:03 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081531248969.exe
2016-05-13 17:51 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081777684093.exe
2016-06-24 02:03 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_082121049372.exe
2016-05-31 10:46 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08301816953.exe
2016-01-05 11:03 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08704003961.exe
2016-08-22 04:30 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08821063848.exe
2016-03-06 19:06 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08930022315.exe
2016-01-15 19:12 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08931435874.exe
2013-06-12 14:07 - 2013-06-12 14:07 - 3238936 _____ (AVG Secure Search) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\oi_{78F0BD64-537B-4208-9699-A919E2635BA9}.exe
2013-05-31 12:39 - 2006-10-27 23:14 - 0145184 _____ (Microsoft Corporation) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ose00000.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-04-2017
Ran by HP_Administrator (30-04-2017 23:06:04)
Running from C:\Documents and Settings\HP_Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-05-30 15:18:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-583907252-527237240-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-583907252-527237240-839522115-1004 - Limited - Enabled)
Guest (S-1-5-21-583907252-527237240-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-583907252-527237240-839522115-1000 - Limited - Disabled)
HP_Administrator (S-1-5-21-583907252-527237240-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator
SUPPORT_388945a0 (S-1-5-21-583907252-527237240-839522115-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: AVG Antivirus (Enabled - Up to date) {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AiO_Scan (Version: 50.0.227.000 - Hewlett-Packard) Hidden
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.06-040909a-018560C-HP - )
AVG (HKLM\...\AvgZen) (Version: 1.181.3.2097 - AVG Technologies)
AVG (Version: 1.181.1 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4769 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG Antivirus) (Version: 17.3.3011 - AVG Technologies)
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8012 - AVG Technologies)
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 19.6.0.592 - AVG Technologies)
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.02 - CyberLink Corp.)
FMW 1 (Version: 1.182.1 - AVG Technologies) Hidden
GameHouse Games (HKLM\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP PSC & OfficeJet 4.7 (HKLM\...\{5469D537-9B44-4c78-BF2D-5F9807564F74}) (Version:  - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}) (Version:  - HP)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Network Connections 18.3.62.0 (HKLM\...\{FCF3ECF7-7AE0-4E26-B387-09A3A80B79CC}) (Version: 18.3.62.0 - Intel)
Levels 1, 2 & 3 Latin American Spanish 5-User Edition (HKLM\...\{3B647532-F01A-458B-87F6-06B046D657CB}) (Version: 1.1.16 - TOPICS Entertainment)
LightScribe System Software (HKLM\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
LSI PCI Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Menu Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{97a9b6eb-4f13-4bdc-8600-cb49736aff2d}) (Version:  - Nero AG)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6873 - Realtek Semiconductor Corp.)
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip System Utilities Suite (HKLM\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1) (Version: 2.5.1000.15714 - WinZip Computing, S.L. (WinZip Computing))
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Antivirus Emergency Update.job => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup AVG Technologies      0 ߡ   
          0ߡ   
          
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job => C:\Program Files\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Documents and Settings\HP_Administrator\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-04-02 05:45 - 2017-04-02 05:45 - 00171208 _____ () C:\Program Files\AVG\Antivirus\JsonRpcServer.dll
2017-04-02 05:45 - 2017-04-02 05:45 - 00177472 _____ () C:\Program Files\AVG\Antivirus\event_routing_rpc.dll
2017-04-30 14:43 - 2017-04-30 14:43 - 05921792 _____ () C:\Program Files\AVG\Antivirus\defs\17043000\algo.dll
2017-04-02 05:45 - 2017-04-02 05:45 - 00654504 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2017-04-02 05:45 - 2017-04-02 05:45 - 00231616 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2004-08-10 07:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 07:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 07:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2004-08-10 07:00 - 2005-08-05 13:06 - 00165376 _____ () C:\WINDOWS\system32\mpg2splt.ax
2004-08-10 07:00 - 2005-08-05 14:01 - 00159744 _____ () C:\WINDOWS\system32\VBICodec.ax
2004-08-10 07:00 - 2011-10-14 17:38 - 00456192 _____ () C:\WINDOWS\system32\encdec.dll
2016-11-28 15:56 - 2016-11-28 15:56 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2017-04-02 05:45 - 2017-04-02 05:45 - 48936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2017-04-29 01:36 - 2017-03-22 10:24 - 01736992 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2014-10-02 09:05 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-10 07:00 - 2004-08-10 07:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-583907252-527237240-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1 - 71.252.0.12
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Common\HPDeviceDetection3.exe] => Enabled:HP Device Detection
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zS4085\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\temp\usbvid_03f0&pid_4211&mi_00\setup\HPZnet01.exe] => Enabled:hpznet01.exe
StandardProfile\AuthorizedApplications: [C:\temp\usbvid_03f0&pid_4211&mi_00\setup\hponicifs01.exe] => Enabled:hponicifs01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
==================== Restore Points =========================
 
31-01-2017 22:19:16 System Checkpoint
01-02-2017 23:55:16 System Checkpoint
03-02-2017 01:38:03 System Checkpoint
04-02-2017 04:07:46 System Checkpoint
05-02-2017 05:36:34 System Checkpoint
06-02-2017 06:19:17 System Checkpoint
07-02-2017 07:19:15 System Checkpoint
08-02-2017 08:19:15 System Checkpoint
10-02-2017 03:43:14 System Checkpoint
11-02-2017 03:55:16 System Checkpoint
12-02-2017 04:00:54 System Checkpoint
13-02-2017 04:50:45 System Checkpoint
14-02-2017 05:50:18 System Checkpoint
15-02-2017 05:50:29 System Checkpoint
16-02-2017 06:50:25 System Checkpoint
17-02-2017 07:50:20 System Checkpoint
18-02-2017 08:48:27 System Checkpoint
19-02-2017 09:47:19 System Checkpoint
20-02-2017 10:43:33 System Checkpoint
21-02-2017 11:36:40 System Checkpoint
22-02-2017 12:34:57 System Checkpoint
23-02-2017 12:36:00 System Checkpoint
24-02-2017 13:29:57 System Checkpoint
25-02-2017 14:29:33 System Checkpoint
26-02-2017 15:05:07 System Checkpoint
27-02-2017 15:21:05 System Checkpoint
28-02-2017 16:20:08 System Checkpoint
01-03-2017 16:20:32 System Checkpoint
02-03-2017 16:21:04 System Checkpoint
03-03-2017 16:21:07 System Checkpoint
04-03-2017 17:21:06 System Checkpoint
05-03-2017 18:21:06 System Checkpoint
06-03-2017 19:07:44 System Checkpoint
07-03-2017 19:57:38 System Checkpoint
08-03-2017 20:53:52 System Checkpoint
09-03-2017 21:29:13 System Checkpoint
10-03-2017 22:16:49 System Checkpoint
11-03-2017 23:09:57 System Checkpoint
12-03-2017 23:51:22 System Checkpoint
14-03-2017 00:16:43 System Checkpoint
15-03-2017 01:16:26 System Checkpoint
16-03-2017 02:34:48 System Checkpoint
16-03-2017 03:00:50 Software Distribution Service 3.0
17-03-2017 03:08:17 System Checkpoint
18-03-2017 04:07:56 System Checkpoint
19-03-2017 05:07:55 System Checkpoint
20-03-2017 06:07:40 System Checkpoint
21-03-2017 07:07:24 System Checkpoint
22-03-2017 08:03:11 System Checkpoint
23-03-2017 09:00:36 System Checkpoint
24-03-2017 09:13:15 System Checkpoint
25-03-2017 09:39:06 System Checkpoint
26-03-2017 09:47:30 System Checkpoint
28-03-2017 00:56:52 System Checkpoint
29-03-2017 07:11:17 System Checkpoint
30-03-2017 07:32:13 System Checkpoint
31-03-2017 08:28:17 System Checkpoint
01-04-2017 09:27:17 System Checkpoint
02-04-2017 05:47:53 Installed Windows XP Wdf01009.
04-04-2017 06:06:37 Removed AVG
03-04-2017 06:38:36 System Checkpoint
11-04-2017 00:54:05 Removed AVG
05-04-2017 06:48:10 System Checkpoint
06-04-2017 07:47:25 System Checkpoint
07-04-2017 08:46:46 System Checkpoint
08-04-2017 08:46:57 System Checkpoint
09-04-2017 09:08:51 System Checkpoint
10-04-2017 09:42:34 System Checkpoint
11-04-2017 10:18:48 System Checkpoint
12-04-2017 03:02:03 Removed AVG
12-04-2017 03:01:03 Software Distribution Service 3.0
25-04-2017 01:39:38 Removed AVG
13-04-2017 13:30:07 System Checkpoint
14-04-2017 14:27:36 System Checkpoint
15-04-2017 14:36:12 System Checkpoint
16-04-2017 15:24:40 System Checkpoint
17-04-2017 15:25:26 System Checkpoint
18-04-2017 15:25:31 System Checkpoint
19-04-2017 16:25:30 System Checkpoint
20-04-2017 17:25:29 System Checkpoint
21-04-2017 17:45:10 System Checkpoint
22-04-2017 18:35:46 System Checkpoint
24-04-2017 01:59:35 System Checkpoint
28-04-2017 02:58:49 Removed AVG
26-04-2017 01:59:24 System Checkpoint
27-04-2017 03:50:28 System Checkpoint
28-04-2017 05:21:05 System Checkpoint
28-04-2017 06:33:04 Removed AVG
29-04-2017 01:26:56 JRT Pre-Junkware Removal
30-04-2017 01:44:21 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/28/2017 02:58:05 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1704. An installation for AVG is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (04/25/2017 09:53:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application spider.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/25/2017 09:52:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application spider.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/25/2017 01:39:09 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1704. SA_Error1704: StandardAction(0xC00706A8): An installation for AVG is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
 
Error: (04/12/2017 11:22:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application spider.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/12/2017 11:22:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application spider.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/12/2017 03:01:41 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft Office Enterprise 2007 -- Error 1704.An installation for AVG is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (04/12/2017 12:36:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application spider.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/11/2017 12:53:07 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1704. An installation for AVG is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (04/04/2017 06:06:07 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1704. SA_Error1704: StandardAction(0xC00706A8): An installation for AVG is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
 
 
System errors:
=============
Error: (04/30/2017 11:03:57 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The avgbIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).
 
Error: (04/30/2017 11:02:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
avgbidsdriver
Avgdiskx
AVGIDSHX
 
Error: (04/29/2017 10:43:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgdiskx
AVGIDSDriverl
AVGIDSHX
 
Error: (04/29/2017 08:36:12 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\WinZip System Utilities Suite\mfc90u.dll.
Reference error message: The operation completed successfully.
.
 
Error: (04/29/2017 08:36:12 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "C:\Program Files\WinZip System Utilities Suite\Microsoft.VC90.MFCLOC.MANIFEST" on line 4.
 
Error: (04/29/2017 08:36:12 AM) (Source: SideBySide) (EventID: 34) (User: )
Description: Component identity found in manifest does not match the identity of the component requested
 
Error: (04/29/2017 08:36:01 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\WinZip System Utilities Suite\mfc90u.dll.
Reference error message: The operation completed successfully.
.
 
Error: (04/29/2017 08:36:01 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "C:\Program Files\WinZip System Utilities Suite\Microsoft.VC90.MFCLOC.MANIFEST" on line 4.
 
Error: (04/29/2017 08:36:01 AM) (Source: SideBySide) (EventID: 34) (User: )
Description: Component identity found in manifest does not match the identity of the component requested
 
Error: (04/29/2017 01:37:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Anti-Exploit service failed to start due to the following error: 
A device attached to the system is not functioning.
 
 
 
 = = = = = = = = = = = = = = = = = = = =   M e m o r y   i n f o   = = = = = = = = = = = = = = = = = = = = = = = = = = =   
 
 
 
 P r o c e s s o r :     I n t e l ( R )   P e n t i u m ( R )   4   C P U   3 . 2 0 G H z 
 
 P e r c e n t a g e   o f   m e m o r y   i n   u s e :   4 1 % 
 
 T o t a l   p h y s i c a l   R A M :   2 0 4 6 . 3 9   M B 
 
 A v a i l a b l e   p h y s i c a l   R A M :   1 1 9 5 . 6 4   M B 
 
 T o t a l   V i r t u a l :   3 9 3 7 . 3 7   M B 
 
 A v a i l a b l e   V i r t u a l :   3 2 1 1 . 6 5   M B 
 
 
 
 = = = = = = = = = = = = = = = = = = = =   D r i v e s   = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = 
 
 
 
 D r i v e   c :   ( )   ( F i x e d )   ( T o t a l : 4 6 5 . 7 5   G B )   ( F r e e : 3 7 8 . 2   G B )   N T F S   = = > [ d r i v e   w i t h   b o o t   c o m p o n e n t s   ( W i n d o w s   X P ) ] 
 
 
 
 = = = = = = = = = = = = = = = = = = = =   M B R   &   P a r t i t i o n   T a b l e   = = = = = = = = = = = = = = = = = = 
 
 
 
 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = 
 
 D i s k :   0   ( M B R   C o d e :   W i n d o w s   X P )   ( S i z e :   4 6 5 . 8   G B )   ( D i s k   I D :   5 F E 3 4 B 6 9 ) 
 
 P a r t i t i o n   1 :   ( A c t i v e )   -   ( S i z e = 4 6 5 . 8   G B )   -   ( T y p e = 0 7   N T F S ) 
 
 
 
 = = = = = = = = = = = = = = = = = = = =   E n d   o f   A d d i t i o n . t x t   = = = = = = = = = = = = = = = = = = = = 

  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

You have a lot of errors in the log associated with AVG. Looks something may be wrong with it. I'd consider uninstalling it and reinstalling it.

Uninstall AVG using the control panel add / remove programs
Click start > control panel > add remove programs
In the list find AVG right click on it, choose uninstall.

Then
Download and run the AVG removal tool and run it. This will make sure AVG is completely uninstalled
Avg removal tool ->http://www.avg.com/us-en/utilities

Then
Reinstall AVG from here
http://www.avg.com/u...ivirus-download
Pay attention when you install AVG and uncheck additional items it wants to install. It tends to install AVG tune up and other items.
Always do a custom install if the opportunity presents it self..

Part of your FRST log is missing
Please re-post FRST.txt

Take your time posting the log reports, it's the only thing I have as a guide and your fist set of logs were un-readable with all the spaces
Copy the logs directly from note pad and paste them in.
  • 0

#8
anthroanne1

anthroanne1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

HI,

I have just uninstalled the AVG. There was no flickering of the icons. 

Hmm. sorry about that in regards to the file. The spaces were in the file. I did not reformat the file. I will recopy it below. 

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-04-2017

Ran by HP_Administrator (administrator) on OWNER-HP (30-04-2017 23:04:32)
Running from C:\Documents and Settings\HP_Administrator\Desktop
Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(GameHouse) C:\Program Files\GameHouse Games\aminstantservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(HP) C:\WINDOWS\system32\HPZipm12.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20143688 2013-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [219800 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [219800 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [263088 2017-04-02] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-09-09] (ATI Technologies Inc.)
HKU\S-1-5-21-583907252-527237240-839522115-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-583907252-527237240-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-583907252-527237240-839522115-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-05-20]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12
Tcpip\..\Interfaces\{48B313EE-5599-4990-9F6D-65190A0F3613}: [DhcpNameServer] 192.168.1.1 71.252.0.12
 
Internet Explorer:
==================
HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1391309566489
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-30] [not signed]
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-26]
CHR HKU\S-1-5-21-583907252-527237240-839522115-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 AMInstantService; C:\Program Files\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [262696 2017-04-02] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5808784 2017-04-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189744 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121600 2013-04-05] (Intel Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 WINZIPSSDiskOptimizer; C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe [267384 2014-07-23] (WinZip Computing, S.L. (WinZip Computing))
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiskx.sys [135384 2017-04-02] (AVG Technologies CZ, s.r.o.)
S1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdriverx.sys [257504 2017-04-02] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidshx.sys [150536 2017-04-02] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgblogx.sys [269856 2017-04-02] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbunivx.sys [43504 2017-04-02] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [35128 2017-04-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2017-02-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [109056 2017-04-29] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr.sys [61744 2017-04-02] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [63136 2017-04-02] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [765048 2017-04-02] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [473888 2017-04-29] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\WINDOWS\system32\drivers\avgStmXP.sys [185200 2017-04-02] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [280784 2017-04-02] (AVG Technologies CZ, s.r.o.)
S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R2 CX23880; C:\WINDOWS\System32\drivers\cx88vid.sys [160256 2004-10-13] (Conexant Systems, Inc.) [File not signed]
R2 CX88ENC; C:\WINDOWS\System32\drivers\cx88enc.sys [297344 2004-10-13] (Conexant Systems, Inc.) [File not signed]
R3 CXAVXBAR; C:\WINDOWS\System32\drivers\cxavxbar.sys [9472 2004-10-13] (Conexant Systems, Inc.) [File not signed]
R2 CXTUNE; C:\WINDOWS\System32\drivers\CX88TUNE.sys [31616 2004-10-13] (Conexant Systems, Inc.) [File not signed]
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-15] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-15] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-15] (HP)
R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [148256 2017-04-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-04-30] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [220088 2017-04-30] (Malwarebytes)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S1 Avgdiskx; system32\DRIVERS\avgdiskx.sys [X]
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-30 23:03 - 2017-04-30 23:03 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion
2017-04-29 22:50 - 2017-04-29 22:50 - 00002313 _____ C:\Documents and Settings\HP_Administrator\Desktop\malwarebytescanlog.txt
2017-04-29 22:40 - 2017-04-29 22:40 - 00002359 _____ C:\Documents and Settings\HP_Administrator\Desktop\results malware1.txt
2017-04-29 01:37 - 2017-04-30 23:04 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-29 01:37 - 2017-04-30 23:04 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-04-29 01:37 - 2017-04-29 01:37 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-04-29 01:36 - 2017-04-29 01:36 - 00001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-04-29 01:36 - 2017-04-29 01:36 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-29 01:36 - 2017-04-29 01:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-04-29 01:36 - 2017-04-29 01:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-04-29 01:36 - 2017-03-22 11:02 - 00059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-04-29 01:30 - 2017-04-29 01:30 - 00004749 _____ C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt
2017-04-29 01:15 - 2017-04-29 01:15 - 00030798 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[C0].txt
2017-04-29 01:07 - 2017-04-29 01:07 - 00028503 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[S0].txt
2017-04-29 01:02 - 2017-04-29 01:12 - 00000000 ____D C:\AdwCleaner
2017-04-02 22:31 - 2017-04-02 22:31 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Temp
2017-04-02 05:47 - 2017-04-02 05:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2017-04-02 05:47 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2017-04-02 05:46 - 2017-04-30 23:02 - 00000344 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
2017-04-02 05:46 - 2017-04-29 00:58 - 00473888 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsp.sys
2017-04-02 05:46 - 2017-04-29 00:58 - 00109056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmonflt.sys
2017-04-02 05:46 - 2017-04-02 05:45 - 00765048 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-04-02 05:46 - 2017-04-02 05:45 - 00331240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-04-02 05:46 - 2017-04-02 05:45 - 00280784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-04-02 05:46 - 2017-04-02 05:45 - 00269856 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
2017-04-02 05:46 - 2017-04-02 05:45 - 00257504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
2017-04-02 05:46 - 2017-04-02 05:45 - 00185200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStmXP.sys
2017-04-02 05:46 - 2017-04-02 05:45 - 00150536 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
2017-04-02 05:46 - 2017-04-02 05:45 - 00135384 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
2017-04-02 05:46 - 2017-04-02 05:45 - 00063136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-04-02 05:46 - 2017-04-02 05:45 - 00061744 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr.sys
2017-04-02 05:46 - 2017-04-02 05:45 - 00043504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
2017-04-02 05:46 - 2017-04-02 05:45 - 00035128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-30 23:05 - 2017-03-29 01:22 - 00014143 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt
2017-04-30 23:05 - 2013-05-30 11:23 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Temp
2017-04-30 23:04 - 2017-03-29 01:21 - 00000000 ____D C:\FRST
2017-04-30 23:04 - 2013-05-30 14:57 - 00003668 _____ C:\WINDOWS\ModemLog_LSI PCI Soft Modem.txt
2017-04-30 23:03 - 2017-03-29 01:21 - 01768960 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2017-04-30 23:02 - 2016-09-20 08:04 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-04-30 23:02 - 2014-10-28 21:37 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-30 23:02 - 2013-05-30 11:12 - 00000000 ____D C:\WINDOWS\Registration
2017-04-30 23:01 - 2014-04-03 17:16 - 00000244 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-04-30 23:01 - 2013-05-30 11:19 - 00032646 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-30 23:01 - 2013-05-30 11:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-30 23:01 - 2004-08-10 07:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2017-04-30 23:00 - 2013-05-30 11:23 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini
2017-04-30 23:00 - 2013-05-30 11:23 - 00000000 ____D C:\Documents and Settings\HP_Administrator
2017-04-30 22:58 - 2014-10-28 21:37 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-30 22:53 - 2014-02-19 22:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-04-29 22:41 - 2014-09-27 08:14 - 00000000 ____D C:\Program Files\WinZip System Utilities Suite
2017-04-29 22:40 - 2014-09-27 08:36 - 00000508 _____ C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
2017-04-29 01:11 - 2014-10-02 09:03 - 00000000 ____D C:\Program Files\Yahoo!
2017-04-28 06:32 - 2013-06-12 14:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2017-04-25 01:39 - 2015-12-08 10:40 - 00000629 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2017-04-25 01:39 - 2014-03-31 08:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2017-04-12 03:05 - 2013-05-31 12:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2017-04-08 15:00 - 2014-04-03 17:16 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-04-03 11:29 - 2013-05-30 11:23 - 00000000 ___RD C:\Documents and Settings\HP_Administrator\My Documents
2017-04-02 22:43 - 2015-12-08 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2017-04-02 20:55 - 2015-12-08 10:45 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVG
2017-04-02 05:51 - 2013-05-30 06:30 - 00000000 ___HD C:\WINDOWS\inf
2017-04-02 05:46 - 2013-05-30 06:38 - 08147109 _____ C:\WINDOWS\setupapi.log.0.old
2017-04-02 05:44 - 2013-06-12 14:07 - 00000000 ____D C:\Program Files\AVG
 
==================== Files in the root of some directories =======
 
2014-01-30 01:25 - 2014-09-30 08:44 - 0000187 _____ () C:\Documents and Settings\HP_Administrator\Application Data\default.rss
2014-09-30 09:11 - 2014-09-30 09:11 - 0000139 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2013-10-28 01:59 - 2014-12-06 21:25 - 0001082 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
 
Some files in TEMP:
====================
2016-04-07 20:41 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081210861884.exe
2016-07-27 03:35 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08146607745.exe
2016-04-18 16:03 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081531248969.exe
2016-05-13 17:51 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081777684093.exe
2016-06-24 02:03 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_082121049372.exe
2016-05-31 10:46 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08301816953.exe
2016-01-05 11:03 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08704003961.exe
2016-08-22 04:30 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08821063848.exe
2016-03-06 19:06 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08930022315.exe
2016-01-15 19:12 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08931435874.exe
2013-06-12 14:07 - 2013-06-12 14:07 - 3238936 _____ (AVG Secure Search) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\oi_{78F0BD64-537B-4208-9699-A919E2635BA9}.exe
2013-05-31 12:39 - 2006-10-27 23:14 - 0145184 _____ (Microsoft Corporation) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ose00000.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

  • 0

#9
anthroanne1

anthroanne1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

HI ,

I have just run another First scan here is both the addition and first scan results. 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-04-2017
Ran by HP_Administrator (administrator) on OWNER-HP (02-05-2017 23:46:02)
Running from C:\Documents and Settings\HP_Administrator\Desktop
Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(GameHouse) C:\Program Files\GameHouse Games\aminstantservice.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20143688 2013-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-09-09] (ATI Technologies Inc.)
HKU\S-1-5-21-583907252-527237240-839522115-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-583907252-527237240-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-583907252-527237240-839522115-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-05-20]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12
Tcpip\..\Interfaces\{48B313EE-5599-4990-9F6D-65190A0F3613}: [DhcpNameServer] 192.168.1.1 71.252.0.12
 
Internet Explorer:
==================
HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1391309566489
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-30] [not signed]
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-05-02]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-26]
CHR HKU\S-1-5-21-583907252-527237240-839522115-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 AMInstantService; C:\Program Files\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse)
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121600 2013-04-05] (Intel Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 WINZIPSSDiskOptimizer; C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe [267384 2014-07-23] (WinZip Computing, S.L. (WinZip Computing))
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R2 CX23880; C:\WINDOWS\System32\drivers\cx88vid.sys [160256 2004-10-13] (Conexant Systems, Inc.) [File not signed]
R2 CX88ENC; C:\WINDOWS\System32\drivers\cx88enc.sys [297344 2004-10-13] (Conexant Systems, Inc.) [File not signed]
R3 CXAVXBAR; C:\WINDOWS\System32\drivers\cxavxbar.sys [9472 2004-10-13] (Conexant Systems, Inc.) [File not signed]
R2 CXTUNE; C:\WINDOWS\System32\drivers\CX88TUNE.sys [31616 2004-10-13] (Conexant Systems, Inc.) [File not signed]
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-15] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-15] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-15] (HP)
R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [148256 2017-04-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-05-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [220088 2017-05-02] (Malwarebytes)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-02 23:27 - 2017-05-02 23:33 - 00000000 ____D C:\AVG_Remover
2017-04-30 23:06 - 2017-05-01 00:07 - 00027585 _____ C:\Documents and Settings\HP_Administrator\Desktop\Addition.txt
2017-04-30 23:03 - 2017-04-30 23:03 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion
2017-04-29 22:50 - 2017-04-29 22:50 - 00002313 _____ C:\Documents and Settings\HP_Administrator\Desktop\malwarebytescanlog.txt
2017-04-29 22:40 - 2017-04-29 22:40 - 00002359 _____ C:\Documents and Settings\HP_Administrator\Desktop\results malware1.txt
2017-04-29 01:37 - 2017-05-02 23:32 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-29 01:37 - 2017-05-02 23:32 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-04-29 01:37 - 2017-04-29 01:37 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-04-29 01:36 - 2017-04-29 01:36 - 00001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-04-29 01:36 - 2017-04-29 01:36 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-29 01:36 - 2017-04-29 01:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-04-29 01:36 - 2017-04-29 01:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-04-29 01:36 - 2017-03-22 11:02 - 00059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-04-29 01:30 - 2017-04-29 01:30 - 00004749 _____ C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt
2017-04-29 01:15 - 2017-04-29 01:15 - 00030798 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[C0].txt
2017-04-29 01:07 - 2017-04-29 01:07 - 00028503 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[S0].txt
2017-04-29 01:02 - 2017-04-29 01:12 - 00000000 ____D C:\AdwCleaner
2017-04-02 22:31 - 2017-04-02 22:31 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Temp
2017-04-02 05:47 - 2017-04-02 05:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2017-04-02 05:47 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-02 23:46 - 2017-03-29 01:22 - 00011154 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt
2017-05-02 23:46 - 2017-03-29 01:21 - 00000000 ____D C:\FRST
2017-05-02 23:46 - 2013-05-30 11:23 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Temp
2017-05-02 23:33 - 2013-05-30 14:57 - 00003668 _____ C:\WINDOWS\ModemLog_LSI PCI Soft Modem.txt
2017-05-02 23:32 - 2014-10-28 21:37 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-05-02 23:32 - 2014-04-03 17:16 - 00000244 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-05-02 23:32 - 2013-05-30 11:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-02 23:32 - 2013-05-30 11:12 - 00000000 ____D C:\WINDOWS\Registration
2017-05-02 23:30 - 2013-05-30 11:23 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini
2017-05-02 23:30 - 2013-05-30 11:19 - 00032630 _____ C:\WINDOWS\SchedLgU.Txt
2017-05-02 23:28 - 2015-12-08 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2017-05-02 23:28 - 2014-12-01 09:47 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Avg
2017-05-02 23:10 - 2014-10-28 21:37 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-05-02 23:10 - 2014-02-19 22:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-05-02 23:10 - 2004-08-10 07:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2017-05-01 00:55 - 2013-05-30 11:23 - 00000000 ___RD C:\Documents and Settings\HP_Administrator\My Documents
2017-04-30 23:03 - 2017-03-29 01:21 - 01768960 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2017-04-30 23:00 - 2013-05-30 11:23 - 00000000 ____D C:\Documents and Settings\HP_Administrator
2017-04-29 22:41 - 2014-09-27 08:14 - 00000000 ____D C:\Program Files\WinZip System Utilities Suite
2017-04-29 22:40 - 2014-09-27 08:36 - 00000508 _____ C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
2017-04-29 01:11 - 2014-10-02 09:03 - 00000000 ____D C:\Program Files\Yahoo!
2017-04-12 03:05 - 2013-05-31 12:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2017-04-08 15:00 - 2014-04-03 17:16 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-04-02 05:51 - 2013-05-30 06:30 - 00000000 ___HD C:\WINDOWS\inf
2017-04-02 05:46 - 2013-05-30 06:38 - 08147109 _____ C:\WINDOWS\setupapi.log.0.old
 
==================== Files in the root of some directories =======
 
2014-01-30 01:25 - 2014-09-30 08:44 - 0000187 _____ () C:\Documents and Settings\HP_Administrator\Application Data\default.rss
2014-09-30 09:11 - 2014-09-30 09:11 - 0000139 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2013-10-28 01:59 - 2014-12-06 21:25 - 0001082 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
 
Some files in TEMP:
====================
2016-04-07 20:41 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081210861884.exe
2016-07-27 03:35 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08146607745.exe
2016-04-18 16:03 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081531248969.exe
2016-05-13 17:51 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081777684093.exe
2016-06-24 02:03 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_082121049372.exe
2016-05-31 10:46 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08301816953.exe
2016-01-05 11:03 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08704003961.exe
2016-08-22 04:30 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08821063848.exe
2016-03-06 19:06 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08930022315.exe
2016-01-15 19:12 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08931435874.exe
2013-06-12 14:07 - 2013-06-12 14:07 - 3238936 _____ (AVG Secure Search) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\oi_{78F0BD64-537B-4208-9699-A919E2635BA9}.exe
2013-05-31 12:39 - 2006-10-27 23:14 - 0145184 _____ (Microsoft Corporation) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ose00000.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
addition file
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-04-2017
Ran by HP_Administrator (02-05-2017 23:47:19)
Running from C:\Documents and Settings\HP_Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-05-30 15:18:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-583907252-527237240-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-583907252-527237240-839522115-1004 - Limited - Enabled)
Guest (S-1-5-21-583907252-527237240-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-583907252-527237240-839522115-1000 - Limited - Disabled)
HP_Administrator (S-1-5-21-583907252-527237240-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator
SUPPORT_388945a0 (S-1-5-21-583907252-527237240-839522115-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AiO_Scan (Version: 50.0.227.000 - Hewlett-Packard) Hidden
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.06-040909a-018560C-HP - )
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.02 - CyberLink Corp.)
GameHouse Games (HKLM\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP PSC & OfficeJet 4.7 (HKLM\...\{5469D537-9B44-4c78-BF2D-5F9807564F74}) (Version:  - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}) (Version:  - HP)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Network Connections 18.3.62.0 (HKLM\...\{FCF3ECF7-7AE0-4E26-B387-09A3A80B79CC}) (Version: 18.3.62.0 - Intel)
Levels 1, 2 & 3 Latin American Spanish 5-User Edition (HKLM\...\{3B647532-F01A-458B-87F6-06B046D657CB}) (Version: 1.1.16 - TOPICS Entertainment)
LightScribe System Software (HKLM\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
LSI PCI Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Menu Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{97a9b6eb-4f13-4bdc-8600-cb49736aff2d}) (Version:  - Nero AG)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6873 - Realtek Semiconductor Corp.)
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip System Utilities Suite (HKLM\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1) (Version: 2.5.1000.15714 - WinZip Computing, S.L. (WinZip Computing))
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job => C:\Program Files\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Documents and Settings\HP_Administrator\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
 
==================== Loaded Modules (Whitelisted) ==============
 
2004-08-10 07:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 07:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 07:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2004-08-10 07:00 - 2005-08-05 13:06 - 00165376 _____ () C:\WINDOWS\system32\mpg2splt.ax
2004-08-10 07:00 - 2005-08-05 14:01 - 00159744 _____ () C:\WINDOWS\system32\VBICodec.ax
2004-08-10 07:00 - 2011-10-14 17:38 - 00456192 _____ () C:\WINDOWS\system32\encdec.dll
2017-04-29 01:36 - 2017-03-22 10:24 - 01736992 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-10-02 09:05 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-10 07:00 - 2004-08-10 07:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-583907252-527237240-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1 - 71.252.0.12
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Common\HPDeviceDetection3.exe] => Enabled:HP Device Detection
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zS4085\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\temp\usbvid_03f0&pid_4211&mi_00\setup\HPZnet01.exe] => Enabled:hpznet01.exe
StandardProfile\AuthorizedApplications: [C:\temp\usbvid_03f0&pid_4211&mi_00\setup\hponicifs01.exe] => Enabled:hponicifs01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
==================== Restore Points =========================
 
01-02-2017 23:55:16 System Checkpoint
03-02-2017 01:38:03 System Checkpoint
04-02-2017 04:07:46 System Checkpoint
05-02-2017 05:36:34 System Checkpoint
06-02-2017 06:19:17 System Checkpoint
07-02-2017 07:19:15 System Checkpoint
08-02-2017 08:19:15 System Checkpoint
10-02-2017 03:43:14 System Checkpoint
11-02-2017 03:55:16 System Checkpoint
12-02-2017 04:00:54 System Checkpoint
13-02-2017 04:50:45 System Checkpoint
14-02-2017 05:50:18 System Checkpoint
15-02-2017 05:50:29 System Checkpoint
16-02-2017 06:50:25 System Checkpoint
17-02-2017 07:50:20 System Checkpoint
18-02-2017 08:48:27 System Checkpoint
19-02-2017 09:47:19 System Checkpoint
20-02-2017 10:43:33 System Checkpoint
21-02-2017 11:36:40 System Checkpoint
22-02-2017 12:34:57 System Checkpoint
23-02-2017 12:36:00 System Checkpoint
24-02-2017 13:29:57 System Checkpoint
25-02-2017 14:29:33 System Checkpoint
26-02-2017 15:05:07 System Checkpoint
27-02-2017 15:21:05 System Checkpoint
28-02-2017 16:20:08 System Checkpoint
01-03-2017 16:20:32 System Checkpoint
02-03-2017 16:21:04 System Checkpoint
03-03-2017 16:21:07 System Checkpoint
04-03-2017 17:21:06 System Checkpoint
05-03-2017 18:21:06 System Checkpoint
06-03-2017 19:07:44 System Checkpoint
07-03-2017 19:57:38 System Checkpoint
08-03-2017 20:53:52 System Checkpoint
09-03-2017 21:29:13 System Checkpoint
10-03-2017 22:16:49 System Checkpoint
11-03-2017 23:09:57 System Checkpoint
12-03-2017 23:51:22 System Checkpoint
14-03-2017 00:16:43 System Checkpoint
15-03-2017 01:16:26 System Checkpoint
16-03-2017 02:34:48 System Checkpoint
16-03-2017 03:00:50 Software Distribution Service 3.0
17-03-2017 03:08:17 System Checkpoint
18-03-2017 04:07:56 System Checkpoint
19-03-2017 05:07:55 System Checkpoint
20-03-2017 06:07:40 System Checkpoint
21-03-2017 07:07:24 System Checkpoint
22-03-2017 08:03:11 System Checkpoint
23-03-2017 09:00:36 System Checkpoint
24-03-2017 09:13:15 System Checkpoint
25-03-2017 09:39:06 System Checkpoint
26-03-2017 09:47:30 System Checkpoint
28-03-2017 00:56:52 System Checkpoint
29-03-2017 07:11:17 System Checkpoint
30-03-2017 07:32:13 System Checkpoint
31-03-2017 08:28:17 System Checkpoint
01-04-2017 09:27:17 System Checkpoint
02-04-2017 05:47:53 Installed Windows XP Wdf01009.
04-04-2017 06:06:37 Removed AVG
03-04-2017 06:38:36 System Checkpoint
11-04-2017 00:54:05 Removed AVG
05-04-2017 06:48:10 System Checkpoint
06-04-2017 07:47:25 System Checkpoint
07-04-2017 08:46:46 System Checkpoint
08-04-2017 08:46:57 System Checkpoint
09-04-2017 09:08:51 System Checkpoint
10-04-2017 09:42:34 System Checkpoint
11-04-2017 10:18:48 System Checkpoint
12-04-2017 03:02:03 Removed AVG
12-04-2017 03:01:03 Software Distribution Service 3.0
25-04-2017 01:39:38 Removed AVG
13-04-2017 13:30:07 System Checkpoint
14-04-2017 14:27:36 System Checkpoint
15-04-2017 14:36:12 System Checkpoint
16-04-2017 15:24:40 System Checkpoint
17-04-2017 15:25:26 System Checkpoint
18-04-2017 15:25:31 System Checkpoint
19-04-2017 16:25:30 System Checkpoint
20-04-2017 17:25:29 System Checkpoint
21-04-2017 17:45:10 System Checkpoint
22-04-2017 18:35:46 System Checkpoint
24-04-2017 01:59:35 System Checkpoint
28-04-2017 02:58:49 Removed AVG
26-04-2017 01:59:24 System Checkpoint
27-04-2017 03:50:28 System Checkpoint
28-04-2017 05:21:05 System Checkpoint
02-05-2017 11:36:31 Removed AVG
29-04-2017 01:26:56 JRT Pre-Junkware Removal
30-04-2017 01:44:21 System Checkpoint
01-05-2017 02:01:12 System Checkpoint
02-05-2017 02:59:00 System Checkpoint
02-05-2017 11:39:07 Removed AVG
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/02/2017 11:07:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avguix.exe, version 1.182.2.64574, faulting module libcef.dll, version 3.2623.1401.0, fault address 0x00c4a64c.
Processing media-specific event for [avguix.exe!ws!]
 
Error: (05/02/2017 11:07:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application avguix.exe, version 1.182.2.64574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (05/02/2017 11:07:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application avguix.exe, version 1.182.2.64574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (05/02/2017 11:36:02 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1704. SA_Error1704: StandardAction(0xC00706A8): An installation for AVG is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
 
Error: (04/28/2017 02:58:05 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1704. An installation for AVG is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (04/25/2017 09:53:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application spider.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/25/2017 09:52:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application spider.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/25/2017 01:39:09 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1704. SA_Error1704: StandardAction(0xC00706A8): An installation for AVG is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
 
Error: (04/12/2017 11:22:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application spider.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/12/2017 11:22:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application spider.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (05/02/2017 11:19:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgdiskx
AVGIDSHX
 
Error: (05/02/2017 11:12:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The avgbIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).
 
Error: (05/02/2017 11:11:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
avgbidsdriver
Avgdiskx
AVGIDSHX
 
Error: (04/30/2017 11:03:57 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The avgbIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).
 
Error: (04/30/2017 11:02:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
avgbidsdriver
Avgdiskx
AVGIDSHX
 
Error: (04/29/2017 10:43:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgdiskx
AVGIDSDriverl
AVGIDSHX
 
Error: (04/29/2017 08:36:12 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\WinZip System Utilities Suite\mfc90u.dll.
Reference error message: The operation completed successfully.
.
 
Error: (04/29/2017 08:36:12 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "C:\Program Files\WinZip System Utilities Suite\Microsoft.VC90.MFCLOC.MANIFEST" on line 4.
 
Error: (04/29/2017 08:36:12 AM) (Source: SideBySide) (EventID: 34) (User: )
Description: Component identity found in manifest does not match the identity of the component requested
 
Error: (04/29/2017 08:36:01 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\WinZip System Utilities Suite\mfc90u.dll.
Reference error message: The operation completed successfully.
.
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 3.20GHz
Percentage of memory in use: 34%
Total physical RAM: 2046.39 MB
Available physical RAM: 1336.94 MB
Total Virtual: 3938.21 MB
Available Virtual: 3352.05 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.75 GB) (Free:378.53 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 5FE34B69)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Logs look better and I don't see any Malware.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page =  
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0






Similar Topics


Also tagged with one or more of these keywords: Chrome, Virus, code popup

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP