Cant connect to websites

Copy the content of the code box. I shortened the fix to only the bare essentials, to make it easy to copy.
Right click ZHP Suite
Run as admin.
Click on Repair.
In the top right click on the button I highlighted in the picture click first, then click the second button
1 then 2
You are not pasting anything, clicking the buttons in the order listed will do everything for you.
[ATTACH type=“full” alt=“1671708417112.png”]11090[/ATTACH]

Merry Christmas!! First the good news. IT fit in the box and created a restore point. The bad news is it got stuck right at the beginning on this line.

HKU\S-1-5-21-2314338359-2121603862-2684469121-1000\SOFTWARE\AusLogics =

In front of that line it said “key not found”

No warnings popped up on chrome.

Re run the fix and allow it to complete, it may stall for a couple minutes, this is normal.

Thanks, will do in the morning. Thanks for your efforts.

No problem. Let it run for 20 minutes if it takes that long, disable avast prior to running it.

I did it this morning and it finished. when i restarted everything went screwy and the comp would not start. Finally, a screen came up saying launch system repair and restore. I clicked that and it finally loaded. If it does that again isnt there a way to get to system restore right at startup by hitting F8 or some F key? It sent a report but it said it went to notepad and notepad is empty.

Ok. Now attach new Frst and addition logs please.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-12-2022
Ran by John (administrator) on SARAH-PC (Compaq-Presario GX618AA-ABA SR5350F) (24-12-2022 08:54:56)
Running from C:\Users\John\Desktop
Loaded Profiles: John
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software s.r.o. → AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(explorer.exe ->) (AOL Inc. → AOL Inc.) C:\Program Files\AIM\aim.exe
(explorer.exe ->) (Google Inc → Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe <4>
(explorer.exe ->) (Hewlett-Packard Company) [File not signed] C:\hp\support\hpsysdrv.exe
(explorer.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(explorer.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(explorer.exe ->) (Microsoft Windows Hardware Compatibility Publisher → Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(explorer.exe ->) (Mozilla Corporation → Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <2>
(explorer.exe ->) (OsdMaestro) [File not signed] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(services.exe ->) (Adobe Systems, Incorporated → Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (AVAST Software s.r.o. → AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (AVAST Software s.r.o. → AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(services.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher → Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(svchost.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\System32\mobsync.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company) [File not signed]
HKLM...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro) [File not signed]
HKLM...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Microsoft Windows Hardware Compatibility Publisher → Realtek Semiconductor)
HKLM...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2314338359-2121603862-2684469121-1000...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Windows → Microsoft Corporation)
HKU\S-1-5-21-2314338359-2121603862-2684469121-1000...\Run: [Aim] => C:\Program Files\AIM\aim.exe [4156312 2017-02-23] (AOL Inc. → AOL Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {7C040E69-E581-4AC7-8EB4-91071E0C4223} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-08-09] (Google Inc → Google Inc.)
Task: {82D27DDD-CDE9-4646-8F0E-62E5BACA334D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-08-09] (Google Inc → Google Inc.)
Task: {AB2E9287-6A5A-4902-9415-5286C3725604} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2762968 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
Task: {C33B7959-E56A-475B-BCD0-562348DC4289} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1630008 2018-05-31] (AVAST Software s.r.o. → AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\User_Feed_Synchronization-{2216E477-7DEF-4482-AD03-D42193D074E7}.job => C:\Windows\system32\msfeedssync.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip..\Interfaces{73B646CC-8C74-4151-84F9-23E4B03FD810}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
[HEADING=1]FireFox:[/HEADING]
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Prof iles\su7k0ty2.default-1670861870862 [2022-12-24]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Prof iles\su7k0ty2.default-1670861870862\Extensionssp@avast.com.xpi [2022-12-18] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (Avast Online Security & Privacy) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Prof iles\su7k0ty2.default-1670861870862\Extensionswrc@avast.com.xpi [2022-12-16]
FF Extension: (Hotfix for Firefox bug 1548973 (armagaddon 2.0) mitigation) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Prof iles\su7k0ty2.default-1670861870862\features{ea0acae6-9758-4065-b67b-99ceb4e67a4d}hotfix-bug-1548973@mozilla.org.xpi [2022-12-16] [Legacy]
FF HKLM...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-15] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_ 465.dll [2020-12-08] (Adobe Inc. → ) [File not signed]
FF Plugin: @java.com/DTPlugin,version=11.91.2 → C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1. dll [2016-05-10] (Oracle America, Inc. → Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 → C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-10] (Oracle America, Inc. → Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 → c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation → Microsoft Corporation)
FF Plugin: Adobe Reader → C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated → Adobe Systems Inc.)
[HEADING=1]Chrome:[/HEADING]
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2022-12-24]
CHR DownloadDir: C:\Users\John\Desktop
CHR Notifications: Default → hxxps://www.facebook.com; hxxps://www.facebook.com
CHR Extension: (Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2017-08-09]
CHR Extension: (Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2020-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2019-10-01]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2019-04-25]
CHR HKLM...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe [335416 2020-12-08] (Adobe Inc. → Adobe) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6799632 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Windows → Microsoft Corporation)
R2 XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [386560 2007-10-18] (Microsoft Windows Hardware Compatibility Publisher → Conexant Systems, Inc.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167480 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188976 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [165384 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284256 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57904 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [183176 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42736 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [135200 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr.sys [70640 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784552 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [397984 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R3 aswStmXP; C:\Windows\System32\drivers\aswStmXP.sys [146584 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310200 2022-12-15] (AVAST Software s.r.o. → AVAST Software)
R3 HSF_DP; C:\Windows\System32\DRIVERS\HSX_DP.sys [980992 2008-05-08] (Microsoft Windows Hardware Compatibility Publisher → Conexant Systems, Inc.)
R3 HSXHWBS2; C:\Windows\System32\DRIVERS\HSXHWBS2.sys [266752 2008-05-08] (Microsoft Windows Hardware Compatibility Publisher → Conexant Systems, Inc.)
S4 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [35944 2006-11-02] (Microsoft Windows → Integrated Technology Express, Inc.)
S4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Microsoft Windows → Integrated Technology Express, Inc.)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] (Microsoft Windows Hardware Compatibility Publisher → Conexant)
S4 Mraid35x; C:\Windows\system32\drivers\mraid35x.sys [33384 2006-11-02] (Microsoft Windows → LSI Logic Corporation)
S4 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-02] (Microsoft Windows → N-trig Innovative Technologies)
R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [91648 2007-08-03] (Microsoft Windows Hardware Compatibility Publisher → Realtek Corporation)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2009-01-23] (Acronis, Inc → Acronis)
S4 uliahci; C:\Windows\system32\drivers\uliahci.sys [235112 2006-11-02] (Microsoft Windows → ULi Electronics Inc.)
S4 UlSata; C:\Windows\system32\drivers\ulsata.sys [98408 2006-11-02] (Microsoft Windows → Promise Technology, Inc.)
S4 ulsata2; C:\Windows\system32\drivers\ulsata2.sys [115816 2006-11-02] (Microsoft Windows → Promise Technology, Inc.)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (Microsoft Windows Hardware Compatibility Publisher → America Online, Inc.)
R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [661504 2008-05-08] (Microsoft Windows Hardware Compatibility Publisher → Conexant Systems, Inc.)
R2 XAudio; C:\Windows\System32\DRIVERS\xaudio.sys [8704 2007-10-18] (Microsoft Windows Hardware Compatibility Publisher → Conexant Systems, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys
S3 IpInIp; system32\DRIVERS\ipinip.sys
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys
S3 SymIM; system32\DRIVERS\SymIM.sys
S3 SymIMMP; system32\DRIVERS\SymIM.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-24 08:54 - 2022-12-24 08:57 - 000014634 _____ C:\Users\John\Desktop\FRST.txt
2022-12-24 07:47 - 2022-12-24 07:47 - 000145216 _____ C:\Windows\Minidump\Mini122422-01.dmp
2022-12-22 13:14 - 2022-12-22 13:14 - 000145216 _____ C:\Windows\Minidump\Mini122222-01.dmp
2022-12-20 10:26 - 2022-12-24 07:40 - 000013235 _____ C:\Users\John\Desktop\ZHPFix.txt
2022-12-19 11:01 - 2022-12-21 16:05 - 000364416 _____ C:\Users\John\Desktop\ZHPDiag.txt
2022-12-19 10:50 - 2022-12-24 10:45 - 000000000 ____D C:\Users\John\AppData\Roaming\ZHP
2022-12-19 10:50 - 2022-12-19 10:50 - 000000731 _____ C:\Users\John\Desktop\ZHPSuite.lnk
2022-12-19 10:50 - 2022-12-19 10:50 - 000000000 ____D C:\Users\John\AppData\Local\ZHP
2022-12-18 09:46 - 2022-12-18 09:46 - 002078720 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2022-12-15 23:38 - 2022-12-15 23:38 - 000000000 ____D C:\Users\John\AppData\Roaming\AVAST Software
2022-12-15 23:08 - 2022-12-15 23:08 - 000001795 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2022-12-15 23:08 - 2022-12-15 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2022-12-15 23:05 - 2022-12-15 22:44 - 000323288 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2022-12-15 22:45 - 2022-12-19 19:07 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2022-12-15 22:45 - 2022-12-15 23:06 - 000784552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2022-12-15 22:45 - 2022-12-15 23:06 - 000397984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2022-12-15 22:45 - 2022-12-15 23:06 - 000183176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2022-12-15 22:45 - 2022-12-15 23:06 - 000135200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2022-12-15 22:45 - 2022-12-15 22:44 - 000310200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2022-12-15 22:45 - 2022-12-15 22:44 - 000284256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2022-12-15 22:45 - 2022-12-15 22:44 - 000188976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2022-12-15 22:45 - 2022-12-15 22:44 - 000167480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2022-12-15 22:45 - 2022-12-15 22:44 - 000165384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2022-12-15 22:45 - 2022-12-15 22:44 - 000146584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2022-12-15 22:45 - 2022-12-15 22:44 - 000072800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2022-12-15 22:45 - 2022-12-15 22:44 - 000070640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2022-12-15 22:45 - 2022-12-15 22:44 - 000057904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2022-12-15 22:45 - 2022-12-15 22:44 - 000042736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2022-12-15 22:45 - 2022-12-15 22:44 - 000040688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2022-12-15 22:43 - 2022-12-15 22:43 - 000000000 ____D C:\Program Files\AVAST Software
2022-12-15 21:57 - 2022-12-15 21:57 - 000000000 ____D C:\Users\John\AppData\Roaming\Crystal Security
2022-12-15 16:37 - 2022-12-15 16:37 - 000000000 ____D C:\ProgramData\MB2Migration
2022-12-15 16:37 - 2022-12-15 16:37 - 000000000 ____D C:\Program Files\Malwarebytes
2022-12-15 10:06 - 2022-12-15 14:28 - 000000000 ____D C:\AdwCleaner
2022-12-14 12:15 - 2022-12-18 09:45 - 000000000 ____D C:\KPRM
2022-12-14 08:46 - 2022-12-24 08:56 - 000000000 ____D C:\FRST
2022-12-12 11:18 - 2022-12-12 11:18 - 000000000 ____D C:\Users\John\Desktop\Old Firefox Data
2022-12-12 02:15 - 2022-12-12 02:15 - 000145216 _____ C:\Windows\Minidump\Mini121222-01.dmp
2022-12-04 08:25 - 2022-12-04 08:25 - 000145216 _____ C:\Windows\Minidump\Mini120422-01.dmp
2022-12-01 18:40 - 2022-12-01 18:40 - 000145216 _____ C:\Windows\Minidump\Mini120122-01.dmp
2022-11-27 20:43 - 2022-11-27 20:43 - 000145216 _____ C:\Windows\Minidump\Mini112722-01.dmp
2022-11-25 15:46 - 2022-11-25 15:46 - 000145216 _____ C:\Windows\Minidump\Mini112522-01.dmp
2022-11-24 13:53 - 2022-11-24 13:53 - 000145216 _____ C:\Windows\Minidump\Mini112422-01.dmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-24 10:46 - 2008-05-28 14:26 - 000000000 ____D C:\Users\John
2022-12-24 10:46 - 2006-11-02 05:22 - 033554432 _____ C:\Windows\system32\config\software_previous
2022-12-24 10:46 - 2006-11-02 05:22 - 028573696 _____ C:\Windows\system32\config\system_previous
2022-12-24 10:45 - 2016-07-08 22:56 - 000000000 ____D C:\Users\John\AppData\Roaming\AVG
2022-12-24 10:45 - 2010-10-27 15:36 - 000000000 ___RD C:\Users\John\Documents\Notes
2022-12-24 10:45 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2022-12-24 10:45 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2022-12-24 10:44 - 2016-07-08 22:43 - 000000000 ____D C:\Users\John\AppData\Local\AvgSetupLog
2022-12-24 10:44 - 2007-11-18 22:16 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2022-12-24 10:43 - 2006-11-02 05:22 - 039583744 _____ C:\Windows\system32\config\components_previous
2022-12-24 10:43 - 2006-11-02 05:22 - 000053248 _____ C:\Windows\system32\config\sam_previous
2022-12-24 08:28 - 2015-02-18 02:48 - 000000000 ____D C:\Program Files\Google
2022-12-24 07:57 - 2018-06-21 06:20 - 000000000 ____D C:\Users\John\AppData\Local\AVAST Software
2022-12-24 07:53 - 2016-11-16 18:21 - 000000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
2022-12-24 07:52 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf
2022-12-24 07:47 - 2008-08-01 14:35 - 000000000 ____D C:\Windows\Minidump
2022-12-24 07:47 - 2006-11-02 08:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-12-24 07:47 - 2006-11-02 07:47 - 000003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2022-12-24 07:47 - 2006-11-02 07:47 - 000003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2022-12-24 07:46 - 2019-01-01 18:18 - 209094589 _____ C:\Windows\MEMORY.DMP
2022-12-24 07:13 - 2006-11-02 05:22 - 000524288 _____ C:\Windows\system32\config\default_previous
2022-12-22 13:16 - 2006-11-02 05:22 - 000020480 _____ C:\Windows\system32\config\security_previous
2022-12-21 22:54 - 2006-11-02 08:01 - 000032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2022-12-15 23:03 - 2017-08-29 15:28 - 000000000 _____ C:\Windows\system32\last.dump
2022-12-15 22:42 - 2016-06-08 09:43 - 000000000 ____D C:\ProgramData\AVAST Software
2022-12-15 21:40 - 2007-11-18 21:42 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2022-12-15 21:32 - 2007-11-18 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2022-12-15 21:29 - 2007-11-18 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2022-12-15 21:09 - 2007-11-18 22:11 - 000000000 ____D C:\ProgramData\WildTangent
2022-12-15 21:07 - 2006-11-02 07:37 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2022-12-15 16:37 - 2012-04-03 22:34 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-12-15 14:28 - 2008-05-28 15:43 - 000000000 ____D C:\Users\John\AppData\Roaming\Yahoo!
2022-12-15 10:30 - 2009-01-25 11:24 - 000000000 ____D C:\Users\John\AppData\Local\Yahoo
2022-12-15 10:29 - 2007-11-18 22:15 - 000000000 ____D C:\Program Files\Yahoo!
2022-12-13 08:36 - 2017-02-01 19:12 - 000000000 ___SD C:\Users\John\AppData\LocalLow\Temp
2022-12-10 21:11 - 2017-12-06 09:06 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2022-12-10 21:11 - 2017-08-09 22:31 - 000003322 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineU A
2022-12-10 21:11 - 2017-08-09 22:31 - 000003194 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineC ore
2022-12-09 13:56 - 2011-05-14 04:56 - 000000000 ____D C:\Users\John\AppData\Roaming\HpUpdate
2022-11-30 23:31 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\Msdtc

==================== Files in the root of some directories ========

2008-05-28 14:59 - 2022-05-31 09:00 - 000005892 _____ () C:\Users\John\AppData\Local\d3d9caps.dat
2009-01-23 18:47 - 2014-08-28 23:05 - 000007680 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2022-12-24 07:59
==================== End of FRST.txt ========================

[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-12-2022
Ran by John (24-12-2022 08:59:32)
Running from C:\Users\John\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) (2008-05-28 22:18:41)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2314338359-2121603862-2684469121-500 - Administrator - Disabled)
Guest (S-1-5-21-2314338359-2121603862-2684469121-501 - Limited - Disabled)
John (S-1-5-21-2314338359-2121603862-2684469121-1000 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 ActiveX (HKLM...\Adobe Flash Player ActiveX) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Reader X (10.1.16) (HKLM...{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AIM 7 (HKLM...\AIM_7) (Version: - )
Avast Free Antivirus (HKLM...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast Update Helper (HKLM...{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.141.333 - AVAST Software) Hidden
Compatibility Pack for the 2007 Office system (HKLM...{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM...{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1019 - CyberLink Corp.)
Google Chrome (HKLM...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Hewlett-Packard Active Check (HKLM...{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (HKLM...{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 2.0.62.5 - HP) Hidden
HP Advisor (HKLM...{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Feedback (HKLM...{9DBA770F-BF73-4D39-B1DF-6035D95268FC}) (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Frontend (HKLM...{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM...\OsdMaestro) (Version: - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM...\HP Photosmart Essential) (Version: 2.5 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM...\HDMI) (Version: - )
Java 8 Update 91 (HKLM...{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Basic (HKLM...\KLiteCodecPack_is1) (Version: 10.6.5 - )
LabelPrint (HKLM...{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2209 - CyberLink Corp.)
LightScribe System Software (HKLM...{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LightScribe Template Labeler (HKLM...{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}) (Version: 1.10.13.1 - LightScribe)
Microsoft .NET Framework 3.5 SP1 (HKLM...{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}) (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM...{3C3901C5-3455-3E0A-A214-0B093A5070A6}) (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM...{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM...{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.363 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Works (HKLM...{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 52.9.0 ESR (x86 en-US) (HKLM...\Mozilla Firefox 52.9.0 ESR (x86 en-US)) (Version: 52.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
MSN (HKLM...\MSNINST) (Version: - )
muvee autoProducer 6.1 (HKLM...{E8C2622C-9FF1-4F60-8008-A0208154F9F3}) (Version: 6.10.050 - muvee Technologies)
Power2Go (HKLM...{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3417 - CyberLink Corp.)
PowerDirector (HKLM...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2209 - CyberLink Corp.)
Python 2.5 (HKLM...{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5548 - Realtek Semiconductor Corp.)
RTC Client API v1.2 (HKLM...{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
Snapfish Picture Mover (HKLM...{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_2 00C14F1) (Version: 7.74.00 - Conexant Systems)
Visual Studio 2012 x86 Redistributables (HKLM...{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WeatherBug Gadget (HKLM...{209CDA54-D390-46A2-A97C-7BF61734418D}) (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Windows → Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-12-15] (AVAST Software s.r.o. → AVAST Software)
ContextMenuHandlers1: [avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-12-15] (AVAST Software s.r.o. → AVAST Software)
ContextMenuHandlers3: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-12-15] (AVAST Software s.r.o. → AVAST Software)
ContextMenuHandlers5: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2008-03-25] (Microsoft Windows Hardware Compatibility Publisher → Intel Corporation)
ContextMenuHandlers6: [avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-12-15] (AVAST Software s.r.o. → AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-12-15 23:08 - 2022-12-15 23:08 - 048936448 _____ () [File not signed] C:\Program Files\AVAST Software\Avast\libcef.dll
2017-08-09 23:28 - 2016-09-06 11:00 - 000147456 _____ () [File not signed] C:\Users\John\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2017-08-09 23:28 - 2016-09-06 11:00 - 005197312 _____ () [File not signed] C:\Users\John\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2017-02-23 16:47 - 2017-02-23 16:47 - 000752128 _____ (AOL Inc.) [File not signed] [File is in use] C:\Program Files\AIM\acccore.dll
2017-02-23 16:47 - 2017-02-23 16:47 - 001208320 _____ (AOL Inc.) [File not signed] C:\Program Files\AIM\coolcore61.dll
2017-02-23 16:47 - 2017-02-23 16:47 - 000252928 _____ (AOL Inc.) [File not signed] C:\Program Files\AIM\xprt6.dll
2010-01-06 01:03 - 2010-01-06 01:03 - 000163840 _____ (AOL Inc.) [File not signed] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
2022-12-24 07:55 - 2022-12-24 07:55 - 000478104 _____ (Avast Software s.r.o. → Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22122402\arPot.dll
2022-12-24 07:55 - 2022-12-24 07:55 - 000378264 _____ (Avast Software s.r.o. → Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22122402\aswArray.dll
2022-12-24 07:55 - 2022-12-24 07:55 - 000566680 _____ (Avast Software s.r.o. → Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22122402\aswCmnBS.dll
2022-12-24 07:55 - 2022-12-24 07:55 - 000440728 _____ (Avast Software s.r.o. → Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22122402\aswCmnIS.dll
2022-12-24 07:55 - 2022-12-24 07:55 - 000172952 _____ (Avast Software s.r.o. → Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22122402\aswCmnOS.dll
2022-12-24 07:55 - 2022-12-24 07:55 - 001753496 _____ (Avast Software s.r.o. → Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22122402\aswEngin.dll
2022-12-24 07:55 - 2022-12-24 07:55 - 000613784 _____ (Avast Software s.r.o. → Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22122402\aswFiDb.dll
2022-12-24 07:55 - 2022-12-24 07:55 - 000741272 _____ (Avast Software s.r.o. → Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22122402\aswRep.dll
2022-12-24 07:55 - 2022-12-24 07:55 - 000066456 _____ (Avast Software s.r.o. → Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22122402\uiExt.dll
2022-12-24 07:55 - 2022-12-24 07:55 - 000559000 _____ (Avast Software s.r.o. → Avast Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\22122402\aswCleanerDLL.dll
2022-12-24 07:55 - 2022-12-24 07:55 - 005220056 _____ (Avast Software s.r.o. → AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\22122402\bcuengine.dll
2022-12-24 07:55 - 2022-12-24 07:55 - 002467224 _____ (Avast Software s.r.o. → AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\22122402\swhealthex2.dll
2022-12-15 22:44 - 2022-12-15 22:44 - 002387776 _____ (AVAST Software s.r.o. → The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\Avast\libcrypto-1_1.dll
2022-12-15 22:44 - 2022-12-15 22:44 - 000512832 _____ (AVAST Software s.r.o. → The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\Avast\libssl-1_1.dll
2009-03-17 12:25 - 2009-03-17 12:25 - 000033792 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSLog.dll
2009-03-17 12:25 - 2009-03-17 12:25 - 000110592 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSSProxy.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2314338359-2121603862-2684469121-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2314338359-2121603862-2684469121-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM → DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM → {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationT ype=tb50trie7
SearchScopes: HKLM → {55C1D719-5274-4281-A484-D799AE2BA7E5} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKLM → {6FFC5051-438A-4405-9F3C-54DFE9532F52} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM → {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 → DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 → {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationT ype=tb50trie7
SearchScopes: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 → {55C1D719-5274-4281-A484-D799AE2BA7E5} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 → {8f6ecace-7280-4a70-834a-38c6fca77ee7} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationT ype=bu10aiminstabie7
SearchScopes: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 → {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-10] (Oracle America, Inc. → Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-10] (Oracle America, Inc. → Oracle Corporation)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation → Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2022-12-24 07:49 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\s ystem32;%SystemRoot%;%SystemRoot%\System32\Wbem;C: \hp\bin\Python;%SYSTEMROOT%\System32\WindowsPowerS hell\v1.0
HKU\S-1-5-21-2314338359-2121603862-2684469121-1000\Control Panel\Desktop\Wallpaper → C:\Windows\web\Wallpaper\img24.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk => C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup
MSCONFIG\startupreg: HP Health Check Scheduler => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) C:\Windows\system32\dfsr.exe (Microsoft Windows → Microsoft Corporation)
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) C:\Windows\system32\dfsr.exe (Microsoft Windows → Microsoft Corporation)
FirewallRules: [WinCollab-In-TCP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Windows → Microsoft Corporation)
FirewallRules: [WinCollab-Out-TCP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Windows → Microsoft Corporation)
FirewallRules: [WinCollab-In-UDP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Windows → Microsoft Corporation)
FirewallRules: [WinCollab-Out-UDP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Windows → Microsoft Corporation)
FirewallRules: [{E8483AA0-B6A2-4E65-8E1A-487AF1D60F96}] => (Allow) c:\Program Files\Cyberlink\PowerDirector\PDR.EXE (CyberLink → CyberLink Corp.)
FirewallRules: [{FF70F5DB-A77F-4995-82F4-F392FE088383}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe (EarthLink → EarthLink, Inc.)
FirewallRules: [{7CA489F2-040E-4A14-B3CE-841374A39D14}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe (EarthLink → EarthLink, Inc.)
FirewallRules: [{6C9B8201-7929-4920-92D0-FBF369AB8F02}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe (EarthLink → EarthLink, Inc.)
FirewallRules: [{793C14E1-E9F1-43A0-81E3-5990CECA9272}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe (EarthLink → EarthLink, Inc.)
FirewallRules: [{409E208E-3A8E-4C91-A4EA-CF32EC792BE1}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe (EarthLink → EarthLink, Inc.)
FirewallRules: [{32E8602A-B424-4804-8652-6DD5FCE87884}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe (EarthLink → EarthLink, Inc.)
FirewallRules: [{D2DFA983-1E8D-460E-89CB-0352F1AB2BA8}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe (AOL Inc. → AOL Inc.)
FirewallRules: [{32AFA6F4-899C-4C3C-9130-749E79257543}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe (AOL Inc. → AOL Inc.)
FirewallRules: [{B862DD3D-630A-478D-9901-8D589C31EB1C}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe (AOL Inc. → AOL Inc.)
FirewallRules: [{18954565-0C09-4879-942F-5DD029B03AB8}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe (AOL Inc. → AOL Inc.)
FirewallRules: [TCP Query User{33B25B29-68F1-4854-89D9-99CBA08971B1}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [UDP Query User{B4C7D4F5-239B-43BA-9A0E-231DD5044C73}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{60D32775-8659-4D06-B54C-3B6171048679}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe => No File
FirewallRules: [{8B1743DE-136A-4409-90EC-8BBACEFEAF0A}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe => No File
FirewallRules: [{4F87DBE6-6356-42F1-824B-BDCF6BDFBB9F}] => (Allow) C:\Program Files\AIM\aim.exe (AOL Inc. → AOL Inc.)
FirewallRules: [{98E15AFD-DED9-4FE8-B9CF-D50DE8A89A1E}] => (Allow) C:\Program Files\AIM\aim.exe (AOL Inc. → AOL Inc.)
FirewallRules: [TCP Query User{370899B0-DC0F-4C66-A99D-862E3F33507D}C:\windows\system32\wuauclt.exe] => (Block) C:\windows\system32\wuauclt.exe (Microsoft Windows Component Publisher → Microsoft Corporation)
FirewallRules: [UDP Query User{6B4D3CD6-142F-42B2-80D9-BCFCF612DE37}C:\windows\system32\wuauclt.exe] => (Block) C:\windows\system32\wuauclt.exe (Microsoft Windows Component Publisher → Microsoft Corporation)
FirewallRules: [{2F1C4541-2B64-4B4A-8EA8-0F3ED7B890C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{6D78CD1A-7F6A-4A87-A8AE-46A55023C5E5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [TCP Query User{A5E60A3B-4561-424E-8A18-174F42E21003}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [UDP Query User{EB8C3515-5A35-4A71-A72B-F5E61F7E2008}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{2F134E04-97DC-49A8-B255-2B36AE9A218C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{65921389-A4FF-4AF2-B28E-9A38485FE263}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{9DCEE7C7-A0AC-48AD-83A9-C1055C5ABA0D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc → Google Inc.)
FirewallRules: [{7CFFBEFF-43DB-4A1C-8833-27560307053A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. → AVAST Software)
FirewallRules: [{2F3596B0-FED9-43BD-A9A0-AD47A640FA32}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. → AVAST Software)
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink

==================== Restore Points =========================

15-12-2022 21:23:05 Removed HP Advisor.
15-12-2022 21:28:47 Removed HP Update.
15-12-2022 21:39:32 Removed HP Customer Experience Enhancements
15-12-2022 21:56:35 Installed Crystal Security
17-12-2022 11:27:38 Scheduled Checkpoint
18-12-2022 06:06:48 Scheduled Checkpoint
19-12-2022 07:21:15 Scheduled Checkpoint
20-12-2022 10:06:51 Scheduled Checkpoint
21-12-2022 15:37:56 ZHPcleaner
24-12-2022 07:04:52 ZHPcleaner

==================== Faulty Device Manager Devices ============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{F05BCA3E-C3F5-4180-9854-C7D45E1D1F7F}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{51C707ED-47E5-4CD2-9358-696DFB65C052}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{D198F27B-6061-4FB6-BF4D-9C66D7E0C0D3}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: ========================
[HEADING=1]Application errors:[/HEADING]
Error: (12/24/2022 08:56:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (12/24/2022 08:56:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (12/24/2022 08:56:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (12/24/2022 08:56:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (12/24/2022 08:56:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (12/24/2022 08:56:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (12/24/2022 08:56:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (12/24/2022 08:56:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
[HEADING=1]System errors:[/HEADING]
==================== Memory info ===========================

BIOS: American Megatrends Inc. 5.16 10/01/2007
Motherboard: ASUSTeK Computer INC. Lancaster8
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 91%
Total physical RAM: 2038.64 MB
Available physical RAM: 179.95 MB
Total Virtual: 4324.56 MB
Available Virtual: 1276.14 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:326.01 GB) (Free:253.71 GB) (Model: ST3360320AS ATA Device) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.34 GB) (Free:1.26 GB) (Model: ST3360320AS ATA Device) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ====================

================================================== ========
Disk: 0 (Size: 335.4 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=326 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

What about the F8 key thing and system restore? Thanks.

Not to worry about that. There is no reason the computer should have done what it did. I would not worry.
It’s just old and needs updated, we will tackle that after I see the latest Frst log

Im just worried now if i should just leave it on and not risk another restart. Thanks again.

It’ll be fine. I’ll check the logs here in a few.

Thanks, and being Christmas enjoy yourself and have a great holiday.

Save this fix list to your desktop.
Make sure it is next to FRST side by side.
Right click FRST and run as admin.
Click the fix button.
Post the log created when done.