Hello trusty friends!
Strange thing happened. When I click on my Google Chrome - my Google screen starts flickering, automatically goes to full screen, and keeps flickering until I can manage to put in a URL. In addition, if there is any text input box like a search box for said URL - like your site - the screen splits when I type and the HTML code appears to the right.
Here is my FRST scan below.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by HP_Administrator (administrator) on OWNER-HP (29-03-2017 01:22:02)
Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Loaded Profiles: HP_Administrator & Administrator (Available Profiles: HP_Administrator &
Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United
States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be
moved.)
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
( ) C:\Program Files\FromDocToPDF_65\bar\1.bin\APPINTEGRATOR.EXE
(VER_COMPANY_NAME) C:\Program Files\FromDocToPDF_65\bar\1.bin\65brmon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Hewlett-Packard Company) C:\Program Files\Common
Files\LightScribe\LightScribeControlPanel.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(GameHouse) C:\Program Files\GameHouse Games\aminstantservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files\WinZip System Utilities
Suite\WINZIPSSDefragSrv.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\spider.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or
removed. The file will not be moved.)
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft
Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20143688 2013-03-12] (Realtek
Semiconductor Corp.)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
[87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944
2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [1707080
2016-11-21] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FromDocToPDF Home Page Guard 32 bit] => C:\Program
Files\FromDocToPDF_65\bar\1.bin\AppIntegrator.exe [421448 2014-02-03] ( )
HKLM\...\Run: [FromDocToPDF_65 Browser Plugin Loader] => C:\Program
Files\FromDocToPDF_65\bar\1.bin\65brmon.exe [61512 2014-02-03] (VER_COMPANY_NAME)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944
2016-12-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-09-09] (ATI Technologies
Inc.)
HKU\S-1-5-21-583907252-527237240-839522115-1003\...\Run: [LightScribe Control Panel] =>
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16]
(Hewlett-Packard Company)
HKU\S-1-5-21-583907252-527237240-839522115-1003\...\Run: [MSMSGS] => C:\Program
Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-583907252-527237240-839522115-1003\...\Run: [Messenger (Yahoo!)] => C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007
Screen Clipper and Launcher.lnk [2015-05-20]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft
Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or
restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12
Tcpip\..\Interfaces\{48B313EE-5599-4990-9F6D-65190A0F3613}: [DhcpNameServer] 192.168.1.1
71.252.0.12
Internet Explorer:
==================
HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet
Explorer\Main,Start Page =
hxxps://mysearch.avg.com?cid={21B8D846-7BA1-4773-8D87-FC1872E85CBC}&mid=e6eaafe6c59947d38318
d157caa938a5-c7c7d6b9ba2d48fe1a2e979742a89868954fb053&lang=en&ds=AVG&coid=avgtbavg&cmpid=071
5tb&pr=fr&d=2013-06-12 14:07:55&v=19.6.0.592&pid=safeguard&sg=0&sap=hp
HKU\S-1-5-21-583907252-527237240-839522115-1003\Software\Microsoft\Internet
Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-583907252-527237240-839522115-1003 - (No Name) -
{4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program
Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
URLSearchHook: HKU\S-1-5-21-583907252-527237240-839522115-1003 - YTNavAssistPlugin Class -
{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program
Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
URLSearchHook: [S-1-5-21-583907252-527237240-839522115-500] ATTENTION => Default
URLSearchHook is missing
SearchScopes: HKLM -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL =
hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S08555^us&si=CKD7sYuWsbwCFZN9Ogod
lyAA3g&ptb=C182BA99-F555-41EC-9C27-CE14C2EEF4B5&ind=2014020319&n=780b82df&psa=&st=sb&searchf
or={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-527237240-839522115-1003 -> DefaultScope
{95B7759C-8C7F-4BF1-B163-73684A933233} URL =
hxxps://mysearch.avg.com/search?cid={21B8D846-7BA1-4773-8D87-FC1872E85CBC}&mid=e6eaafe6c5994
7d38318d157caa938a5-c7c7d6b9ba2d48fe1a2e979742a89868954fb053&lang=en&ds=AVG&coid=avgtbavg&cm
pid=0415tb&pr=fr&d=2013-06-12
14:07:55&v=19.6.0.592&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-527237240-839522115-1003 ->
{95B7759C-8C7F-4BF1-B163-73684A933233} URL =
hxxps://mysearch.avg.com/search?cid={21B8D846-7BA1-4773-8D87-FC1872E85CBC}&mid=e6eaafe6c5994
7d38318d157caa938a5-c7c7d6b9ba2d48fe1a2e979742a89868954fb053&lang=en&ds=AVG&coid=avgtbavg&cm
pid=0415tb&pr=fr&d=2013-06-12
14:07:55&v=19.6.0.592&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-527237240-839522115-1003 ->
{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL =
hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S08555^us&si=CKD7sYuWsbwCFZN9Ogod
lyAA3g&ptb=C182BA99-F555-41EC-9C27-CE14C2EEF4B5&ind=2014020319&n=780b82df&psa=&st=sb&searchf
or={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program
Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2014-09-18] (Yahoo! Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program
Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft
Corporation)
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG
SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-11-21] (AVG Secure
Search)
BHO: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program
Files\FromDocToPDF_65\bar\1.bin\65bar.dll [2014-02-03] (Mindspark)
BHO: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program
Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll [2014-02-03] (Mindspark)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program
Files\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-11-21] (AVG
Secure Search)
Toolbar: HKLM - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program
Files\FromDocToPDF_65\bar\1.bin\65bar.dll [2014-02-03] (Mindspark)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2014-09-18] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-583907252-527237240-839522115-1003 -> No Name -
{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-583907252-527237240-839522115-1003 -> FromDocToPDF -
{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - C:\Program
Files\FromDocToPDF_65\bar\1.bin\65bar.dll [2014-02-03] (Mindspark)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?13913
09566489
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.
0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program
Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft
Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common
Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-11-21] (AVG Secure
Search)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] -
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) -
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\DotNetAssistantExtension [2013-05-30] [not signed]
FF Plugin: @avg.com/AVG SiteSafety
plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common
Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin: @FromDocToPDF_65.com/Plugin -> C:\Program
Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll [No File]
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program
Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows
Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program
Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program
Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[2014-08-05] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Application
Data\Google\Chrome\User Data\Default [2017-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and
Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-26]
CHR
HKU\S-1-5-21-583907252-527237240-839522115-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome
\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] -
hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will
not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI
Corporation)
R2 AMInstantService; C:\Program Files\GameHouse Games\aminstantservice.exe [2041776
2016-10-26] (GameHouse)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-02-22] (AVG
Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG
Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-02-22] (AVG Technologies CZ,
s.r.o.)
S2 FromDocToPDF_65Service; C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe [88648
2014-02-03] (COMPANYVERS_NAME)
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121600
2013-04-05] (Intel Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728
2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not
signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not
signed]
R2 WINZIPSSDiskOptimizer; C:\Program Files\WinZip System Utilities
Suite\WINZIPSSDefragSrv.exe [267384 2014-07-23] (WinZip Computing, S.L. (WinZip Computing))
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will
not be moved unless listed separately.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies
CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2017-02-20] (AVG
Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies
CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG
Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies
CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies
CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies
CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies
CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies
CZ, s.r.o.)
R0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies
CZ, s.r.o.)
S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom
Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft
Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File
not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R2 CX23880; C:\WINDOWS\System32\drivers\cx88vid.sys [160256 2004-10-13] (Conexant Systems,
Inc.) [File not signed]
R2 CX88ENC; C:\WINDOWS\System32\drivers\cx88enc.sys [297344 2004-10-13] (Conexant Systems,
Inc.) [File not signed]
R3 CXAVXBAR; C:\WINDOWS\System32\drivers\cxavxbar.sys [9472 2004-10-13] (Conexant Systems,
Inc.) [File not signed]
R2 CXTUNE; C:\WINDOWS\System32\drivers\CX88TUNE.sys [31616 2004-10-13] (Conexant Systems,
Inc.) [File not signed]
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-15] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-15] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-15] (HP)
R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation)
[File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft
Corporation)
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will
not be moved unless listed separately.)
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-29 01:21 - 2017-03-29 01:22 - 00000000 ____D C:\FRST
2017-03-27 02:12 - 2017-03-27 02:12 - 00000000 __SHD C:\Documents and
Settings\Administrator\IETldCache
2017-03-27 02:11 - 2017-03-27 02:18 - 00000178 ___SH C:\Documents and
Settings\Administrator\ntuser.ini
2017-03-27 02:11 - 2017-03-27 02:12 - 00000000 ____D C:\Documents and Settings\Administrator
2017-03-27 02:11 - 2014-02-03 04:03 - 00000000 ____D C:\Documents and
Settings\Administrator\Local Settings\Application Data\Microsoft Help
2017-03-27 02:11 - 2013-07-25 08:59 - 00000000 ____D C:\Documents and
Settings\Administrator\Application Data\TuneUp Software
2017-03-27 02:11 - 2013-05-30 11:15 - 00001599 _____ C:\Documents and
Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2017-03-27 02:11 - 2013-05-30 11:15 - 00000792 _____ C:\Documents and
Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2017-03-27 02:11 - 2013-05-30 06:38 - 00000000 ____D C:\Documents and
Settings\Administrator\My Documents
2017-03-27 02:11 - 2013-05-30 06:38 - 00000000 ____D C:\Documents and
Settings\Administrator\Local Settings\Temp
2017-03-27 01:32 - 2017-03-27 01:38 - 00000666 _____ C:\Documents and
Settings\HP_Administrator\Desktop\avgrep.txt
2017-03-27 01:04 - 2017-03-28 00:18 - 00126430 _____ C:\WINDOWS\ntbtlog.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-29 01:22 - 2013-05-30 11:23 - 00000000 ____D C:\Documents and
Settings\HP_Administrator\Local Settings\Temp
2017-03-29 01:11 - 2013-06-12 14:05 - 00000000 ____D C:\Documents and Settings\All
Users\Application Data\MFAData
2017-03-29 00:53 - 2014-02-19 22:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player
Updater.job
2017-03-29 00:47 - 2014-10-28 21:37 - 00000886 _____
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-03-28 17:47 - 2014-10-28 21:37 - 00000882 _____
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-03-28 11:53 - 2013-05-30 11:19 - 00032558 _____ C:\WINDOWS\SchedLgU.Txt
2017-03-28 00:33 - 2016-09-20 08:04 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-03-28 00:25 - 2013-05-30 06:38 - 00577068 _____
C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-28 00:21 - 2013-05-30 14:57 - 00003668 _____ C:\WINDOWS\ModemLog_LSI PCI Soft
Modem.txt
2017-03-28 00:21 - 2013-05-30 11:12 - 00000000 ____D C:\WINDOWS\Registration
2017-03-28 00:19 - 2014-04-03 17:16 - 00000244 _____ C:\WINDOWS\Tasks\Microsoft Windows XP
End of Service Notification Logon.job
2017-03-28 00:19 - 2013-05-30 11:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-28 00:18 - 2013-05-30 11:23 - 00000178 ___SH C:\Documents and
Settings\HP_Administrator\ntuser.ini
2017-03-27 02:11 - 2013-05-30 06:37 - 00000000 ____D C:\Documents and Settings
2017-03-26 23:10 - 2014-09-27 08:36 - 00000470 _____
C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSOneClickCare.job
2017-03-26 23:10 - 2004-08-10 07:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2017-03-26 22:27 - 2014-09-27 08:36 - 00000508 _____
C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
2017-03-26 08:41 - 2013-05-30 06:30 - 00000000 ___HD C:\WINDOWS\inf
2017-03-19 23:41 - 2013-05-30 11:23 - 00000000 ___RD C:\Documents and
Settings\HP_Administrator\My Documents
2017-03-16 03:06 - 2013-05-31 12:40 - 00000000 ____D C:\Documents and Settings\All
Users\Application Data\Microsoft Help
2017-03-15 16:16 - 2013-05-31 12:43 - 00002515 _____ C:\Documents and
Settings\HP_Administrator\Desktop\Microsoft Office Word 2007.lnk
2017-03-15 07:49 - 2014-03-31 08:18 - 00000000 ____D C:\Documents and Settings\All
Users\Start Menu\Programs\AVG
2017-03-08 16:00 - 2014-04-03 17:16 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP
End of Service Notification Monthly.job
==================== Files in the root of some directories =======
2014-01-30 01:25 - 2014-09-30 08:44 - 0000187 _____ () C:\Documents and
Settings\HP_Administrator\Application Data\default.rss
2014-09-30 09:11 - 2014-09-30 09:11 - 0000139 _____ () C:\Documents and
Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2013-10-28 01:59 - 2014-12-06 21:25 - 0001082 _____ () C:\Documents and Settings\All
Users\Application Data\hpzinstall.log
Some files in TEMP:
====================
2016-04-07 20:41 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.)
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081210861884.exe
2016-07-27 03:35 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.)
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08146607745.exe
2016-04-18 16:03 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.)
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081531248969.exe
2016-05-13 17:51 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.)
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_081777684093.exe
2016-06-24 02:03 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.)
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_082121049372.exe
2016-05-31 10:46 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.)
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08301816953.exe
2016-01-05 11:03 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.)
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08704003961.exe
2016-08-22 04:30 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.)
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08821063848.exe
2016-03-06 19:06 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.)
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08930022315.exe
2016-01-15 19:12 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.)
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avguirn_08931435874.exe
2013-06-12 14:07 - 2013-06-12 14:07 - 3238936 _____ (AVG Secure Search) C:\Documents and
Settings\HP_Administrator\Local Settings\Temp\oi_{78F0BD64-537B-4208-9699-A919E2635BA9}.exe
2013-05-31 12:39 - 2006-10-27 23:14 - 0145184 _____ (Microsoft Corporation) C:\Documents and
Settings\HP_Administrator\Local Settings\Temp\ose00000.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
And additional scan below:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by HP_Administrator (29-03-2017 01:22:49)
Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-05-30 15:18:11)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-583907252-527237240-839522115-500 - Administrator - Enabled) =>
%SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-583907252-527237240-839522115-1004 - Limited - Enabled)
Guest (S-1-5-21-583907252-527237240-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-583907252-527237240-839522115-1000 - Limited - Disabled)
HP_Administrator (S-1-5-21-583907252-527237240-839522115-1003 - Administrator - Enabled) =>
%SystemDrive%\Documents and Settings\HP_Administrator
SUPPORT_388945a0 (S-1-5-21-583907252-527237240-839522115-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them.
The adware programs should be uninstalled manually.)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 -
Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version:
11.0.08 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
AiO_Scan (Version: 50.0.227.000 - Hewlett-Packard) Hidden
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.06-040909a-018560C-HP - )
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG (Version: 16.151.8007 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4769 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8007 - AVG Technologies)
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 19.6.0.592 - AVG
Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B})
(Version: 10.0.2312.02 - CyberLink Corp.)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
FromDocToPDF Internet Explorer Toolbar (HKLM\...\FromDocToPDF_65bar Uninstall Internet
Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
GameHouse Games (HKLM\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009
- HP)
HP PSC & OfficeJet 4.7 (HKLM\...\{5469D537-9B44-4c78-BF2D-5F9807564F74}) (Version: - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}) (Version: - HP)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Network Connections 18.3.62.0 (HKLM\...\{FCF3ECF7-7AE0-4E26-B387-09A3A80B79CC})
(Version: 18.3.62.0 - Intel)
Levels 1, 2 & 3 Latin American Spanish 5-User Edition
(HKLM\...\{3B647532-F01A-458B-87F6-06B046D657CB}) (Version: 1.1.16 - TOPICS Entertainment)
LightScribe System Software (HKLM\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version:
1.18.18.1 - LightScribe)
LSI PCI Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Menu Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft
Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: -
Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: -
Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: -
Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2
(HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft
Corporation)
Microsoft .NET Framework 3.0 Service Pack 2
(HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft
Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: -
Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client
Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520)
(Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 -
Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3)
(HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A
2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft
Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE})
(Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: -
Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2})
(Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
(HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft
Corporation)
Movie Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version:
4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version:
4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{97a9b6eb-4f13-4bdc-8600-cb49736aff2d}) (Version: - Nero AG)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
(Version: 5.10.0.6873 - Realtek Semiconductor Corp.)
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240})
(Version: 4.5.13.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: -
Microsoft Corporation)
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8})
(Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: -
Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 -
Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft
Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft
Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft
Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft
Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft
Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft
Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 -
Microsoft Corporation)
WinZip System Utilities Suite (HKLM\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1)
(Version: 2.5.1000.15714 - WinZip Computing, S.L. (WinZip Computing))
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will
not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-583907252-527237240-839522115-1003_Classes\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}\InprocServer32 -> C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which
is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job =>
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup AVG Technologies
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program
Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program
Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job =>
C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job =>
C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job => C:\Program Files\WinZip
System Utilities Suite\WINZIPSSCheckUpdate.exe
Task: C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSOneClickCare.job => C:\Program Files\WinZip System
Utilities Suite\WINZIPSS.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\HP_Administrator\NetHood\My Web Sites on MSN\target.lnk
-> hxxp://www.msnusers.co
==================== Loaded Modules (Whitelisted) ==============
2016-11-21 23:28 - 2016-11-21 23:28 - 01707080 _____ () C:\Program Files\AVG SafeGuard
toolbar\vprot.exe
2010-08-16 13:21 - 2010-08-16 13:21 - 02121728 _____ () C:\Program Files\Common
Files\LightScribe\QtCore4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 07745536 _____ () C:\Program Files\Common
Files\LightScribe\QtGui4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 00135168 _____ () C:\Program Files\Common
Files\LightScribe\plugins\imageformats\qjpeg4.dll
2016-11-28 15:56 - 2016-11-28 15:56 - 48920064 _____ () C:\Program
Files\AVG\UiDll\2623\libcef.dll
2004-08-10 07:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 07:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 07:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2004-08-10 07:00 - 2005-08-05 13:06 - 00165376 _____ () C:\WINDOWS\system32\mpg2splt.ax
2004-08-10 07:00 - 2005-08-05 14:01 - 00159744 _____ () C:\WINDOWS\system32\VBICodec.ax
2004-08-10 07:00 - 2011-10-14 17:38 - 00456192 _____ () C:\WINDOWS\system32\encdec.dll
2014-10-02 09:05 - 2012-05-25 04:25 - 00921600 _____ () C:\Program
Files\Yahoo!\Messenger\yui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The
"AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or
removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-10 07:00 - 2004-08-10 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-583907252-527237240-839522115-1003\Control Panel\Desktop\\Wallpaper ->
C:\Documents and Settings\HP_Administrator\Local Settings\Application
Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-583907252-527237240-839522115-500\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 192.168.1.1 - 71.252.0.12
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will
not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe]
=> Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program
Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft
Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft
Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft
Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] =>
Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Common\HPDeviceDetection3.exe]
=> Enabled:HP Device Detection
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Local
Settings\Temp\7zS4085\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] =>
Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a
DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] =>
Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] =>
Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program
Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications:
[C:\temp\usbvid_03f0&pid_4211&mi_00\setup\HPZnet01.exe] => Enabled:hpznet01.exe
StandardProfile\AuthorizedApplications:
[C:\temp\usbvid_03f0&pid_4211&mi_00\setup\hponicifs01.exe] => Enabled:hponicifs01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital
Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital
Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] =>
Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] =>
Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] =>
Enabled:Personal Email Scanner
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
==================== Restore Points =========================
29-12-2016 12:36:54 System Checkpoint
30-12-2016 13:36:41 System Checkpoint
31-12-2016 14:35:59 System Checkpoint
01-01-2017 14:36:10 System Checkpoint
02-01-2017 15:35:17 System Checkpoint
03-01-2017 16:35:10 System Checkpoint
05-01-2017 00:01:07 System Checkpoint
06-01-2017 02:38:31 System Checkpoint
07-01-2017 03:32:51 System Checkpoint
08-01-2017 05:27:05 System Checkpoint
09-01-2017 06:26:39 System Checkpoint
10-01-2017 06:27:04 System Checkpoint
11-01-2017 07:26:56 System Checkpoint
12-01-2017 08:24:31 System Checkpoint
13-01-2017 09:22:59 System Checkpoint
14-01-2017 10:21:46 System Checkpoint
15-01-2017 11:20:15 System Checkpoint
16-01-2017 12:18:07 System Checkpoint
17-01-2017 12:19:05 System Checkpoint
18-01-2017 12:19:12 System Checkpoint
19-01-2017 13:19:10 System Checkpoint
20-01-2017 14:19:09 System Checkpoint
21-01-2017 14:19:12 System Checkpoint
22-01-2017 15:19:12 System Checkpoint
23-01-2017 16:19:12 System Checkpoint
24-01-2017 17:06:18 System Checkpoint
25-01-2017 17:19:12 System Checkpoint
26-01-2017 18:19:12 System Checkpoint
27-01-2017 19:19:16 System Checkpoint
28-01-2017 19:43:15 System Checkpoint
29-01-2017 20:19:13 System Checkpoint
30-01-2017 21:19:13 System Checkpoint
31-01-2017 22:19:16 System Checkpoint
01-02-2017 23:55:16 System Checkpoint
03-02-2017 01:38:03 System Checkpoint
04-02-2017 04:07:46 System Checkpoint
05-02-2017 05:36:34 System Checkpoint
06-02-2017 06:19:17 System Checkpoint
07-02-2017 07:19:15 System Checkpoint
08-02-2017 08:19:15 System Checkpoint
10-02-2017 03:43:14 System Checkpoint
11-02-2017 03:55:16 System Checkpoint
12-02-2017 04:00:54 System Checkpoint
13-02-2017 04:50:45 System Checkpoint
14-02-2017 05:50:18 System Checkpoint
15-02-2017 05:50:29 System Checkpoint
16-02-2017 06:50:25 System Checkpoint
17-02-2017 07:50:20 System Checkpoint
18-02-2017 08:48:27 System Checkpoint
19-02-2017 09:47:19 System Checkpoint
20-02-2017 10:43:33 System Checkpoint
21-02-2017 11:36:40 System Checkpoint
22-02-2017 12:34:57 System Checkpoint
23-02-2017 12:36:00 System Checkpoint
24-02-2017 13:29:57 System Checkpoint
25-02-2017 14:29:33 System Checkpoint
26-02-2017 15:05:07 System Checkpoint
27-02-2017 15:21:05 System Checkpoint
28-02-2017 16:20:08 System Checkpoint
01-03-2017 16:20:32 System Checkpoint
02-03-2017 16:21:04 System Checkpoint
03-03-2017 16:21:07 System Checkpoint
04-03-2017 17:21:06 System Checkpoint
05-03-2017 18:21:06 System Checkpoint
06-03-2017 19:07:44 System Checkpoint
07-03-2017 19:57:38 System Checkpoint
08-03-2017 20:53:52 System Checkpoint
09-03-2017 21:29:13 System Checkpoint
10-03-2017 22:16:49 System Checkpoint
11-03-2017 23:09:57 System Checkpoint
12-03-2017 23:51:22 System Checkpoint
14-03-2017 00:16:43 System Checkpoint
15-03-2017 01:16:26 System Checkpoint
16-03-2017 02:34:48 System Checkpoint
16-03-2017 03:00:50 Software Distribution Service 3.0
17-03-2017 03:08:17 System Checkpoint
18-03-2017 04:07:56 System Checkpoint
19-03-2017 05:07:55 System Checkpoint
20-03-2017 06:07:40 System Checkpoint
21-03-2017 07:07:24 System Checkpoint
22-03-2017 08:03:11 System Checkpoint
23-03-2017 09:00:36 System Checkpoint
24-03-2017 09:13:15 System Checkpoint
25-03-2017 09:39:06 System Checkpoint
26-03-2017 09:47:30 System Checkpoint
28-03-2017 00:56:52 System Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/24/2017 03:03:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 49.0.2623.112, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error: (12/14/2016 12:50:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application island2.exe, version 0.0.0.0, faulting module island2.exe,
version 0.0.0.0, fault address 0x0002458c.
Processing media-specific event for [island2.exe!ws!]
Error: (12/06/2016 01:02:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application game_atlantis_win.exe, version 0.0.0.0, faulting module
game_atlantis_win.exe, version 0.0.0.0, fault address 0x0006d3c1.
Processing media-specific event for [game_atlantis_win.exe!ws!]
Error: (10/15/2016 10:32:49 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at:
ab> with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error: (10/15/2016 10:32:48 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at:
ab> with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error: (08/11/2016 02:27:37 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from:
xt> with error: The specified server cannot perform the requested operation.
Error: (08/11/2016 02:27:37 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from:
xt> with error: The specified server cannot perform the requested operation.
Error: (08/11/2016 02:27:31 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from:
xt> with error: This operation returned because the timeout period expired.
Error: (08/11/2016 07:52:51 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from:
xt> with error: The specified server cannot perform the requested operation.
Error: (08/11/2016 07:52:51 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from:
xt> with error: The specified server cannot perform the requested operation.
System errors:
=============
Error: (03/29/2017 01:10:53 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Error: (03/29/2017 01:10:53 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Error: (03/28/2017 12:38:46 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.6 for the Network Card with network address
001E8C4DD156 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Error: (03/28/2017 12:21:06 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.
Error: (03/28/2017 12:21:06 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.
Error: (03/28/2017 12:18:17 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode"
attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (03/27/2017 02:18:39 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode"
attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (03/27/2017 02:18:38 AM) (Source: DCOM) (EventID: 10005) (User: OWNER-HP)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode"
attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error: (03/27/2017 02:18:12 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode"
attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (03/27/2017 02:17:18 AM) (Source: DCOM) (EventID: 10005) (User: OWNER-HP)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode"
attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD3-2166-11D1-B1D0-00805FC1270E}
==================== Memory info ===========================
Processor: Intel® Pentium® 4 CPU 3.20GHz
Percentage of memory in use: 67%
Total physical RAM: 2046.39 MB
Available physical RAM: 665.89 MB
Total Virtual: 3937.77 MB
Available Virtual: 2986.71 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.75 GB) (Free:383.14 GB) NTFS ==>[drive with boot components
(Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 5FE34B69)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================