Solved Cant connect to websites

[jxdama]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2022
Ran by John (administrator) on SARAH-PC (Compaq-Presario GX618AA-ABA SR5350F) (14-12-2022 09:17:58)
Running from C:\Users\John\Downloads
Loaded Profiles: John
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(explorer.exe ->) (AOL Inc. -> AOL Inc.) C:\Program Files\AIM\aim.exe
(explorer.exe ->) (Google Inc -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe <15>
(explorer.exe ->) (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(explorer.exe ->) (Hewlett-Packard Company) [File not signed] C:\hp\support\hpsysdrv.exe
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(explorer.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <2>
(explorer.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(explorer.exe ->) (OsdMaestro) [File not signed] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(explorer.exe ->) (Yahoo! Inc. -> Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(services.exe ->) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\mobsync.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company) [File not signed]
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro) [File not signed]
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54680 2009-03-08] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2008-01-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2008-01-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2314338359-2121603862-2684469121-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2314338359-2121603862-2684469121-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [4363504 2009-01-08] (Yahoo! Inc. -> Yahoo! Inc.)
HKU\S-1-5-21-2314338359-2121603862-2684469121-1000\...\Run: [Aim] => C:\Program Files\AIM\aim.exe [4156312 2017-02-23] (AOL Inc. -> AOL Inc.)
HKU\S-1-5-21-2314338359-2121603862-2684469121-1000\...\Run: [AvastBrowserIsDefault] => "C:\Program Files\AVAST Software\Browser\Application\AvastBrowserProtector.exe" --force-protect (No File)
HKLM\...\Windows NT x86\Print Processors\winprint: localspl.dll (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe [2022-03-23] (Google Inc -> Google Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {33047591-8B4F-4E15-A0CF-4B4A30556B90} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c (No File)
Task: {6F5E79BC-5451-4BE4-8858-F7F7B4B1B754} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe (No File)
Task: {7AF197DA-602F-486C-BD9B-8328544A7E5C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe) [File not signed]
Task: {7C040E69-E581-4AC7-8EB4-91071E0C4223} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-08-09] (Google Inc -> Google Inc.)
Task: {82D27DDD-CDE9-4646-8F0E-62E5BACA334D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-08-09] (Google Inc -> Google Inc.)
Task: {9AE06C97-3310-4680-BE3B-FEE61B6440FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe) [File not signed]
Task: {A0364B18-9C67-4642-A27D-19F8E1364E9D} - System32\Tasks\PC-Doctor\Scheduled Maintanence => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [73728 2007-06-25] (PC-Doctor, Inc.) [File not signed]
Task: {C33B7959-E56A-475B-BCD0-562348DC4289} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1630008 2018-05-31] (AVAST Software s.r.o. -> AVAST Software)
Task: {E2A93A77-9013-4FB4-9718-72BBA2998F23} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2762968 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
Task: {EC2DD444-24FC-414F-B116-674077F8029E} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => Command(1): C:\Windows\servicing\vsp1ceip.exe [175104 [2008-01-19]] (Microsoft Windows -> Microsoft Corporation)
Task: {F0C37474-8AF1-4947-8556-6C4C06128A88} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /ua /installsource scheduler (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\User_Feed_Synchronization-{2216E477-7DEF-4482-AD03-D42193D074E7}.job => C:\Windows\system32\msfeedssync.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{73B646CC-8C74-4151-84F9-23E4B03FD810}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\su7k0ty2.default-1670861870862 [2022-12-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-15] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> ) [File not signed]
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-01-08] (Yahoo! Inc. -> Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2022-12-14]
CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.facebook.com
CHR Extension: (Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-09]
CHR Extension: (Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-01]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-25]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6799632 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Windows -> Microsoft Corporation)
R2 XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [386560 2007-10-18] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
S2 avast; "C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167480 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188976 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [165384 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284256 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57904 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [183176 2018-11-26] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42736 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [135200 2019-01-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr.sys [70640 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784552 2019-05-23] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [397984 2019-05-23] (AVAST Software s.r.o. -> AVAST Software)
R3 aswStmXP; C:\Windows\System32\drivers\aswStmXP.sys [146584 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310200 2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
R3 HSF_DP; C:\Windows\System32\DRIVERS\HSX_DP.sys [980992 2008-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R3 HSXHWBS2; C:\Windows\System32\DRIVERS\HSXHWBS2.sys [266752 2008-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
S4 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [35944 2006-11-02] (Microsoft Windows -> Integrated Technology Express, Inc.)
S4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Microsoft Windows -> Integrated Technology Express, Inc.)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Conexant)
S4 Mraid35x; C:\Windows\system32\drivers\mraid35x.sys [33384 2006-11-02] (Microsoft Windows -> LSI Logic Corporation)
S4 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-02] (Microsoft Windows -> N-trig Innovative Technologies)
R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [91648 2007-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Corporation)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2009-01-23] (Acronis, Inc -> Acronis)
S4 uliahci; C:\Windows\system32\drivers\uliahci.sys [235112 2006-11-02] (Microsoft Windows -> ULi Electronics Inc.)
S4 UlSata; C:\Windows\system32\drivers\ulsata.sys [98408 2006-11-02] (Microsoft Windows -> Promise Technology, Inc.)
S4 ulsata2; C:\Windows\system32\drivers\ulsata2.sys [115816 2006-11-02] (Microsoft Windows -> Promise Technology, Inc.)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (Microsoft Windows Hardware Compatibility Publisher -> America Online, Inc.)
R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [661504 2008-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R2 XAudio; C:\Windows\System32\DRIVERS\xaudio.sys [8704 2007-10-18] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
S3 謌챊젳২精诿ﱊ젳￨靖룿栨旟૩ﯦ쳿쳌쳌䶋菰Ӂ䗩诿솃郊￬咋ࠤ䊍謌젳짨靖룿桤旟퓩ﯥ쳿쳌쳌쳌쳌쳌쳌쳌⡪䖋僤靖菿ࣄ诃觩诿삃倌䖋僠秨菿ࣄ诃༁಄HdsKe; C:\Windows\system32\drivers\謌챊젳২精诿ﱊ젳￨靖룿栨旟૩ﯦ쳿쳌쳌䶋菰Ӂ䗩诿솃郊￬咋ࠤ䊍謌젳짨靖룿桤旟퓩ﯥ쳿쳌쳌쳌쳌쳌쳌쳌⡪䖋僤靖菿ࣄ诃觩诿삃倌䖋僠秨菿ࣄ诃༁಄HdsKe.sys [84928 2017-09-07] (AVAST Software) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-14 09:17 - 2022-12-14 09:17 - 002078720 _____ (Farbar) C:\Users\John\Downloads\FRST(2).exe
2022-12-14 08:53 - 2022-12-14 08:56 - 000009280 _____ C:\Users\John\Downloads\Addition.txt
2022-12-14 08:49 - 2022-12-14 09:20 - 000018312 _____ C:\Users\John\Downloads\FRST.txt
2022-12-14 08:49 - 2022-12-14 08:49 - 002078720 _____ (Farbar) C:\Users\John\Downloads\FRST(1).exe
2022-12-14 08:48 - 2022-12-14 08:48 - 002375680 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2022-12-14 08:46 - 2022-12-14 09:19 - 000000000 ____D C:\FRST
2022-12-14 08:46 - 2022-12-14 08:46 - 002078720 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2022-12-14 08:36 - 2022-12-14 08:36 - 008791352 _____ (Malwarebytes) C:\Users\John\Downloads\adwcleaner.exe
2022-12-14 08:30 - 2022-12-14 08:30 - 002821616 _____ (Opera Software) C:\Users\John\Downloads\OperaSetup(5).exe
2022-12-14 08:29 - 2022-12-14 08:29 - 002821640 _____ (Opera Software) C:\Users\John\Downloads\OperaSetup(4).exe
2022-12-14 08:03 - 2022-12-14 08:03 - 002821616 _____ (Opera Software) C:\Users\John\Downloads\OperaSetup(3).exe
2022-12-14 08:02 - 2022-12-14 08:02 - 002821640 _____ (Opera Software) C:\Users\John\Downloads\OperaSetup(2).exe
2022-12-14 07:37 - 2022-12-14 07:38 - 002821952 _____ (Opera Software) C:\Users\John\Downloads\OperaSetup(1).exe
2022-12-13 16:32 - 2022-12-13 16:32 - 002821976 _____ (Opera Software) C:\Users\John\Downloads\OperaSetup.exe
2022-12-12 11:18 - 2022-12-12 11:18 - 000000000 ____D C:\Users\John\Desktop\Old Firefox Data
2022-12-12 02:15 - 2022-12-12 02:15 - 000145216 _____ C:\Windows\Minidump\Mini121222-01.dmp
2022-12-04 08:25 - 2022-12-04 08:25 - 000145216 _____ C:\Windows\Minidump\Mini120422-01.dmp
2022-12-01 18:40 - 2022-12-01 18:40 - 000145216 _____ C:\Windows\Minidump\Mini120122-01.dmp
2022-12-01 08:33 - 2018-11-21 04:46 - 000323288 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2022-11-27 20:43 - 2022-11-27 20:43 - 000145216 _____ C:\Windows\Minidump\Mini112722-01.dmp
2022-11-25 15:46 - 2022-11-25 15:46 - 000145216 _____ C:\Windows\Minidump\Mini112522-01.dmp
2022-11-24 13:53 - 2022-11-24 13:53 - 000145216 _____ C:\Windows\Minidump\Mini112422-01.dmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-14 09:15 - 2016-11-16 18:21 - 000000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
2022-12-14 08:30 - 2006-11-02 07:47 - 000003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2022-12-14 08:30 - 2006-11-02 07:47 - 000003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2022-12-14 08:28 - 2015-02-18 02:48 - 000000000 ____D C:\Program Files\Google
2022-12-14 07:39 - 2015-09-30 15:49 - 000098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2022-12-14 05:42 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf
2022-12-13 08:36 - 2017-02-01 19:12 - 000000000 ___SD C:\Users\John\AppData\LocalLow\Temp
2022-12-13 07:43 - 2018-06-21 06:20 - 000000000 ____D C:\Users\John\AppData\Local\AVAST Software
2022-12-12 10:30 - 2006-11-02 08:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-12-12 10:29 - 2006-11-02 08:01 - 000032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2022-12-12 02:15 - 2008-08-01 14:35 - 000000000 ____D C:\Windows\Minidump
2022-12-12 02:14 - 2019-01-01 18:18 - 230307517 _____ C:\Windows\MEMORY.DMP
2022-12-10 21:11 - 2017-12-06 09:06 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2022-12-10 21:11 - 2017-08-09 22:31 - 000003322 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2022-12-10 21:11 - 2017-08-09 22:31 - 000003194 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2022-12-09 13:56 - 2011-05-14 04:56 - 000000000 ____D C:\Users\John\AppData\Roaming\HpUpdate
2022-12-08 18:41 - 2017-03-01 13:20 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2022-12-01 08:36 - 2017-01-31 18:26 - 000001835 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2022-11-30 23:31 - 2008-05-28 14:26 - 000000000 ____D C:\Users\John
2022-11-30 23:31 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2022-11-30 23:31 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\Msdtc
2022-11-30 23:31 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2022-11-30 23:31 - 2006-11-02 05:22 - 033554432 _____ C:\Windows\system32\config\software_previous
2022-11-30 23:31 - 2006-11-02 05:22 - 028573696 _____ C:\Windows\system32\config\system_previous
2022-11-30 23:26 - 2006-11-02 05:22 - 039583744 _____ C:\Windows\system32\config\components_previous
2022-11-30 23:26 - 2006-11-02 05:22 - 000053248 _____ C:\Windows\system32\config\sam_previous
2022-11-30 20:22 - 2006-11-02 05:22 - 000524288 _____ C:\Windows\system32\config\default_previous
2022-11-30 20:22 - 2006-11-02 05:22 - 000020480 _____ C:\Windows\system32\config\security_previous

==================== Files in the root of some directories ========

2010-10-18 11:59 - 2014-07-15 08:03 - 000003688 _____ () C:\Users\John\AppData\Roaming\wklnhst.dat
2010-04-11 20:10 - 2010-04-11 20:16 - 000010032 ___SH () C:\Users\John\AppData\Local\0CMR8yFmkXh
2011-07-05 19:55 - 2011-07-05 19:55 - 000001558 ___SH () C:\Users\John\AppData\Local\1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043
2008-05-28 14:59 - 2022-05-31 09:00 - 000005892 _____ () C:\Users\John\AppData\Local\d3d9caps.dat
2009-01-23 18:47 - 2014-08-28 23:05 - 000007680 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-29 14:09 - 2011-05-29 14:17 - 000011864 ___SH () C:\Users\John\AppData\Local\e32lig0acfqskqq
2012-01-11 21:35 - 2012-01-11 21:41 - 000008642 ___SH () C:\Users\John\AppData\Local\q3k132b461d0vlmjgwe3423qks888wt4i067x
2010-02-11 07:57 - 2010-02-11 08:06 - 000007446 ___SH () C:\Users\John\AppData\Local\R4AlO7HdsW5
2021-10-21 05:01 - 2021-10-21 05:01 - 000000000 _____ () C:\Users\John\AppData\Local\{BF478C30-F17C-40D8-8397-984D790151A8}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2022-12-13 22:56
==================== End of FRST.txt ========================

 

[jxdama]

This might be the same thing
move %userprofile%\Downloads\FRST.exe "%userprofile%\desktopAdditional scan result of Farbar Recovery Scan Tool (x86) Version: 11-12-2022
Ran by John (14-12-2022 09:20:49)
Running from C:\Users\John\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) (2008-05-28 22:18:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2314338359-2121603862-2684469121-500 - Administrator - Disabled)
Guest (S-1-5-21-2314338359-2121603862-2684469121-501 - Limited - Disabled)
John (S-1-5-21-2314338359-2121603862-2684469121-1000 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AIM 7 (HKLM\...\AIM_7) (Version: - )
AIM Toolbar (HKLM\...\AIM Toolbar) (Version: - )
AusLogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 1.5 - Auslogics Software Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.141.333 - AVAST Software) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1019 - CyberLink Corp.)
Download Updater (AOL Inc.) (HKLM\...\SoftwareUpdUtility) (Version: - AOL Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4589.14 - PC-Doctor, Inc.)
Hewlett-Packard Active Check (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 2.0.62.5 - HP) Hidden
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AFAD41A9-9687-48A3-848F-693C11451433}) (Version: 5.4.0.2360 - Hewlett-Packard)
HP Customer Feedback (HKLM\...\{9DBA770F-BF73-4D39-B1DF-6035D95268FC}) (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version: - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2209 - CyberLink Corp.)
LightScribe System Software (HKLM\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LightScribe Template Labeler (HKLM\...\{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}) (Version: 1.10.13.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}) (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}) (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.363 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 52.9.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 en-US)) (Version: 52.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
muvee autoProducer 6.1 (HKLM\...\{E8C2622C-9FF1-4F60-8008-A0208154F9F3}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3417 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2209 - CyberLink Corp.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5548 - Realtek Semiconductor Corp.)
RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WeatherBug Gadget (HKLM\...\{209CDA54-D390-46A2-A97C-7BF61734418D}) (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000_Classes\CLSID\{47198917-0962-7895-9795-211497132047}\InprocServer32 -> C:\Users\John\AppData\Local\Temp\npd.dll => No File
CustomCLSID: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000_Classes\CLSID\{51906541-9778-0483-4923-241141919285}\InprocServer32 -> C:\Users\John\AppData\Local\Temp\npd.dll => No File
CustomCLSID: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL 9.0\axtrack.dll => No File
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-21] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2008-03-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-21] (AVAST Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-01-31 18:23 - 2017-01-31 18:23 - 048936448 _____ () [File not signed] C:\Program Files\AVAST Software\Avast\libcef.dll
2009-01-25 11:22 - 2009-01-08 19:38 - 000102400 _____ () [File not signed] C:\Program Files\Yahoo!\Messenger\clientmanager.dll
2009-01-25 11:22 - 2009-01-08 19:38 - 000913408 _____ () [File not signed] C:\Program Files\Yahoo!\Messenger\yui.dll
2017-08-09 23:28 - 2016-09-06 11:00 - 000147456 _____ () [File not signed] C:\Users\John\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2017-08-09 23:28 - 2016-09-06 11:00 - 005197312 _____ () [File not signed] C:\Users\John\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2020-12-08 21:07 - 2020-12-08 21:07 - 020518968 ____R (Adobe Inc. -> Adobe) [File not signed] [File is in use] C:\Windows\system32\Macromed\Flash\Flash32_32_0_0_465.ocx
2017-02-23 16:47 - 2017-02-23 16:47 - 000752128 _____ (AOL Inc.) [File not signed] [File is in use] C:\Program Files\AIM\acccore.dll
2017-02-23 16:47 - 2017-02-23 16:47 - 001208320 _____ (AOL Inc.) [File not signed] C:\Program Files\AIM\coolcore61.dll
2017-02-23 16:47 - 2017-02-23 16:47 - 000252928 _____ (AOL Inc.) [File not signed] C:\Program Files\AIM\xprt6.dll
2010-01-06 01:03 - 2010-01-06 01:03 - 000163840 _____ (AOL Inc.) [File not signed] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
2022-12-14 07:21 - 2022-12-14 07:21 - 000477080 _____ (Avast Software s.r.o. -> Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22121402\arPot.dll
2022-12-14 07:21 - 2022-12-14 07:21 - 000378264 _____ (Avast Software s.r.o. -> Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22121402\aswArray.dll
2022-12-14 07:21 - 2022-12-14 07:21 - 000566680 _____ (Avast Software s.r.o. -> Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22121402\aswCmnBS.dll
2022-12-14 07:21 - 2022-12-14 07:21 - 000440728 _____ (Avast Software s.r.o. -> Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22121402\aswCmnIS.dll
2022-12-14 07:21 - 2022-12-14 07:21 - 000172952 _____ (Avast Software s.r.o. -> Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22121402\aswCmnOS.dll
2022-12-14 07:21 - 2022-12-14 07:21 - 001753496 _____ (Avast Software s.r.o. -> Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22121402\aswEngin.dll
2022-12-14 07:21 - 2022-12-14 07:21 - 000613784 _____ (Avast Software s.r.o. -> Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22121402\aswFiDb.dll
2022-12-14 07:21 - 2022-12-14 07:21 - 000741272 _____ (Avast Software s.r.o. -> Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22121402\aswRep.dll
2022-12-14 07:21 - 2022-12-14 07:21 - 000066456 _____ (Avast Software s.r.o. -> Avast Software) [File not signed] [File is in use] C:\Program Files\AVAST Software\Avast\defs\22121402\uiExt.dll
2022-12-14 07:21 - 2022-12-14 07:21 - 000559000 _____ (Avast Software s.r.o. -> Avast Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\22121402\aswCleanerDLL.dll
2022-12-14 07:21 - 2022-12-14 07:21 - 005220056 _____ (Avast Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\22121402\bcuengine.dll
2022-12-14 07:21 - 2022-12-14 07:21 - 002467224 _____ (Avast Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\22121402\swhealthex2.dll
2018-10-22 02:58 - 2018-10-22 02:58 - 002387776 _____ (AVAST Software s.r.o. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\Avast\libcrypto-1_1.dll
2018-10-22 02:58 - 2018-10-22 02:58 - 000512832 _____ (AVAST Software s.r.o. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\Avast\libssl-1_1.dll
2009-03-17 12:25 - 2009-03-17 12:25 - 000033792 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSLog.dll
2009-03-17 12:25 - 2009-03-17 12:25 - 000110592 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSSProxy.dll
2009-01-25 11:21 - 2009-01-08 19:38 - 000163840 _____ (Netscape Communications Corporation) [File not signed] C:\Program Files\Yahoo!\Messenger\nspr4.dll
2009-01-25 11:22 - 2009-01-08 19:38 - 001339392 _____ (Yahoo! Inc.) [File not signed] C:\Program Files\Yahoo!\Messenger\res_msgr.dll
2009-01-25 11:22 - 2009-01-08 19:38 - 000200704 _____ (Yahoo! Inc.) [File not signed] C:\Program Files\Yahoo!\Messenger\RGX.dll
2009-01-25 11:21 - 2009-01-08 19:38 - 000184320 _____ (Yahoo! Inc.) [File not signed] C:\Program Files\Yahoo!\Messenger\YAlertCenterM.DLL
2009-01-25 11:21 - 2009-01-08 19:38 - 001056768 _____ (Yahoo! Inc.) [File not signed] C:\Program Files\Yahoo!\Messenger\YCPFoundation.dll
2009-01-25 11:21 - 2009-01-08 19:38 - 000761856 _____ (Yahoo! Inc.) [File not signed] C:\Program Files\Yahoo!\Messenger\YCPSSL.dll
2009-01-25 11:21 - 2009-01-08 19:38 - 000286720 _____ (Yahoo! Inc.) [File not signed] C:\Program Files\Yahoo!\Messenger\YHTTP.dll
2009-01-25 11:21 - 2009-01-08 19:38 - 000270336 _____ (Yahoo! Inc.) [File not signed] C:\Program Files\Yahoo!\Messenger\YImage.dll
2009-01-25 11:22 - 2009-01-08 19:38 - 000053248 _____ (Yahoo! Inc.) [File not signed] C:\Program Files\Yahoo!\Messenger\ylog.dll
2009-01-25 11:22 - 2009-01-08 19:38 - 000032768 _____ (Yahoo! Inc.) [File not signed] C:\Program Files\Yahoo!\Messenger\YML.dll
2009-01-25 11:22 - 2009-01-08 19:38 - 001486848 _____ (Yahoo! Inc.) [File not signed] C:\Program Files\Yahoo!\Messenger\YMSGLite.dll
2009-01-25 11:21 - 2009-01-08 19:38 - 000475136 _____ (Yahoo! Inc.) [File not signed] C:\Program Files\Yahoo!\Messenger\YPluginRegistry.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2314338359-2121603862-2684469121-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2314338359-2121603862-2684469121-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
URLSearchHook: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 - (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKLM -> {55C1D719-5274-4281-A484-D799AE2BA7E5} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKLM -> {6FFC5051-438A-4405-9F3C-54DFE9532F52} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 -> {55C1D719-5274-4281-A484-D799AE2BA7E5} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 -> {6FFC5051-438A-4405-9F3C-54DFE9532F52} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 -> {8f6ecace-7280-4a70-834a-38c6fca77ee7} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=bu10aiminstabie7
SearchScopes: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-10] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2314338359-2121603862-2684469121-1000 -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2022-12-14 07:18 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2314338359-2121603862-2684469121-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk => C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: HP Health Check Scheduler => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) C:\Windows\system32\dfsr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) C:\Windows\system32\dfsr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [WinCollab-In-TCP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [WinCollab-Out-TCP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [WinCollab-In-UDP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [WinCollab-Out-UDP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E8483AA0-B6A2-4E65-8E1A-487AF1D60F96}] => (Allow) c:\Program Files\Cyberlink\PowerDirector\PDR.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{FF70F5DB-A77F-4995-82F4-F392FE088383}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe (EarthLink -> EarthLink, Inc.)
FirewallRules: [{7CA489F2-040E-4A14-B3CE-841374A39D14}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe (EarthLink -> EarthLink, Inc.)
FirewallRules: [{6C9B8201-7929-4920-92D0-FBF369AB8F02}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe (EarthLink -> EarthLink, Inc.)
FirewallRules: [{793C14E1-E9F1-43A0-81E3-5990CECA9272}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe (EarthLink -> EarthLink, Inc.)
FirewallRules: [{409E208E-3A8E-4C91-A4EA-CF32EC792BE1}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe (EarthLink -> EarthLink, Inc.)
FirewallRules: [{32E8602A-B424-4804-8652-6DD5FCE87884}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe (EarthLink -> EarthLink, Inc.)
FirewallRules: [{C133EC92-F266-4770-AE47-0907D744B98D}] => (Allow) C:\Program Files\AOL\RC\regclient.exe => No File
FirewallRules: [{20DBAB36-0150-4D56-BC7D-54541BE99CD0}] => (Allow) C:\Program Files\AOL\RC\regclient.exe => No File
FirewallRules: [{409BA08A-77F4-4A4D-992F-B6A8C2BEA8B5}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLDial.exe => No File
FirewallRules: [{8B5638FA-DE84-45C7-9BC6-978A743378C4}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLDial.exe => No File
FirewallRules: [{DF95CEE6-1067-4A15-AF9E-814CE1FA82E6}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLacsd.exe => No File
FirewallRules: [{028FE028-17D8-4F17-86B2-A75431342C79}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLacsd.exe => No File
FirewallRules: [{034FF40F-BEF0-41DF-A275-9ADDA0E1B9D2}] => (Allow) C:\Program Files\AOL 9.0\waol.exe => No File
FirewallRules: [{F3AE08AF-70CD-4291-8B8B-F12AD64A57BC}] => (Allow) C:\Program Files\AOL 9.0\waol.exe => No File
FirewallRules: [{C2375134-BB0B-4A77-B2D0-F77CBBC733B4}] => (Allow) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe => No File
FirewallRules: [{B74C0255-0363-4721-9ECE-FBDCEDDE3008}] => (Allow) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe => No File
FirewallRules: [{D2DFA983-1E8D-460E-89CB-0352F1AB2BA8}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{32AFA6F4-899C-4C3C-9130-749E79257543}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{887358AC-FFBB-4D2D-AA5A-BC075B527666}] => (Allow) C:\Program Files\Common Files\aol\System Information\sinf.exe => No File
FirewallRules: [{13BFD45F-CF68-4EE8-AB8F-798534491DC6}] => (Allow) C:\Program Files\Common Files\aol\System Information\sinf.exe => No File
FirewallRules: [{4B02A4DA-033C-446D-9CBA-8F15BE579CF8}] => (Allow) C:\Program Files\AOL\RC\regclient.exe => No File
FirewallRules: [{7874A038-C8C4-4AC3-8E31-A2E7256564E7}] => (Allow) C:\Program Files\AOL\RC\regclient.exe => No File
FirewallRules: [{59A90F23-9877-45CD-A803-CDE2A96E6F8F}] => (Allow) C:\Program Files\Common Files\aol\ACS\AOLDial.exe => No File
FirewallRules: [{144F2593-F905-49C8-AC64-E06BED99271E}] => (Allow) C:\Program Files\Common Files\aol\ACS\AOLDial.exe => No File
FirewallRules: [{BC18F993-9262-4132-8699-D07D226CE809}] => (Allow) C:\Program Files\Common Files\aol\ACS\AOLacsd.exe => No File
FirewallRules: [{1E5BA508-903A-4F15-8E9E-35FBFB97BF10}] => (Allow) C:\Program Files\Common Files\aol\ACS\AOLacsd.exe => No File
FirewallRules: [{FACA43AB-EF9E-44C0-8075-8F53F77541CC}] => (Allow) C:\Program Files\AOL 9.0\waol.exe => No File
FirewallRules: [{6862ABA1-CD2D-445C-B923-3BA9E6143310}] => (Allow) C:\Program Files\AOL 9.0\waol.exe => No File
FirewallRules: [{B7319344-442A-416B-9DB7-D0CAE33DE301}] => (Allow) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe => No File
FirewallRules: [{3C1CD680-FC89-4B2B-BC29-900E787123AD}] => (Allow) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe => No File
FirewallRules: [{B862DD3D-630A-478D-9901-8D589C31EB1C}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{18954565-0C09-4879-942F-5DD029B03AB8}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{6E42CD65-F903-4BD4-8EEC-1ADD17BF0914}] => (Allow) C:\Program Files\Common Files\aol\System Information\sinf.exe => No File
FirewallRules: [{5DDE8334-035E-490C-AB30-12440EF16748}] => (Allow) C:\Program Files\Common Files\aol\System Information\sinf.exe => No File
FirewallRules: [{282E5F63-F2DE-4390-990C-31EDBDF45A97}] => (Allow) C:\Program Files\Common Files\aol\1212182531\ee\aolsoftware.exe => No File
FirewallRules: [{CA5E833B-4277-4352-832F-AB028D206023}] => (Allow) C:\Program Files\Common Files\aol\1212182531\ee\aolsoftware.exe => No File
FirewallRules: [{C86B1F57-57D4-45E2-AB94-0A02254EA863}] => (Allow) C:\Program Files\AIM6\aim6.exe => No File
FirewallRules: [{30D77DDD-3A5B-411C-A015-B783C97EBA4F}] => (Allow) C:\Program Files\AIM6\aim6.exe => No File
FirewallRules: [TCP Query User{33B25B29-68F1-4854-89D9-99CBA08971B1}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B4C7D4F5-239B-43BA-9A0E-231DD5044C73}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{60D32775-8659-4D06-B54C-3B6171048679}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{8B1743DE-136A-4409-90EC-8BBACEFEAF0A}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [TCP Query User{85AAFA08-706B-49E1-999B-B5FF8BD3AA6D}C:\program files\java\jre6\bin\java.exe] => (Block) C:\program files\java\jre6\bin\java.exe => No File
FirewallRules: [UDP Query User{AF2C37B3-6DFE-441F-870C-FF59F0AC308E}C:\program files\java\jre6\bin\java.exe] => (Block) C:\program files\java\jre6\bin\java.exe => No File
FirewallRules: [{4F87DBE6-6356-42F1-824B-BDCF6BDFBB9F}] => (Allow) C:\Program Files\AIM\aim.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{98E15AFD-DED9-4FE8-B9CF-D50DE8A89A1E}] => (Allow) C:\Program Files\AIM\aim.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [TCP Query User{370899B0-DC0F-4C66-A99D-862E3F33507D}C:\windows\system32\wuauclt.exe] => (Block) C:\windows\system32\wuauclt.exe (Microsoft Windows Component Publisher -> Microsoft Corporation)
FirewallRules: [UDP Query User{6B4D3CD6-142F-42B2-80D9-BCFCF612DE37}C:\windows\system32\wuauclt.exe] => (Block) C:\windows\system32\wuauclt.exe (Microsoft Windows Component Publisher -> Microsoft Corporation)
FirewallRules: [{857D3169-708F-4F8D-BA1F-E6CCF850BF2C}] => (Allow) LPort=80
FirewallRules: [{205B24DF-41BD-4198-AB65-428419E931C9}] => (Allow) LPort=80
FirewallRules: [{7AC26C43-F94F-47C3-A07C-07F39E26E8C9}] => (Allow) LPort=80
FirewallRules: [{2F1C4541-2B64-4B4A-8EA8-0F3ED7B890C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6D78CD1A-7F6A-4A87-A8AE-46A55023C5E5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{A5E60A3B-4561-424E-8A18-174F42E21003}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{EB8C3515-5A35-4A71-A72B-F5E61F7E2008}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2F134E04-97DC-49A8-B255-2B36AE9A218C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{65921389-A4FF-4AF2-B28E-9A38485FE263}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7A079647-21C6-4286-9747-39ECC71EB2CA}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{C679F87D-AC18-409F-8F53-8138C5E43D83}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{5930E0D1-F887-4C3D-AFA7-663F001D3755}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe => No File
FirewallRules: [{9DCEE7C7-A0AC-48AD-83A9-C1055C5ABA0D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{7CFFBEFF-43DB-4A1C-8833-27560307053A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{2F3596B0-FED9-43BD-A9A0-AD47A640FA32}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink

==================== Restore Points =========================

02-12-2022 15:36:16 Scheduled Checkpoint
03-12-2022 03:52:25 Scheduled Checkpoint
03-12-2022 15:53:03 Scheduled Checkpoint
04-12-2022 11:00:08 Scheduled Checkpoint
04-12-2022 23:40:54 Scheduled Checkpoint
06-12-2022 00:00:11 Scheduled Checkpoint
06-12-2022 15:02:03 Scheduled Checkpoint
07-12-2022 16:22:41 Scheduled Checkpoint
08-12-2022 05:55:34 Scheduled Checkpoint
09-12-2022 13:16:18 Scheduled Checkpoint
10-12-2022 16:41:37 Scheduled Checkpoint
12-12-2022 04:01:08 Scheduled Checkpoint
14-12-2022 00:34:53 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{F05BCA3E-C3F5-4180-9854-C7D45E1D1F7F}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{51C707ED-47E5-4CD2-9358-696DFB65C052}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{D198F27B-6061-4FB6-BF4D-9C66D7E0C0D3}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: ========================

Application errors:
==================
Error: (12/14/2022 09:30:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (12/14/2022 09:30:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (12/14/2022 09:30:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (12/14/2022 09:30:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (12/14/2022 09:08:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST(1).exe version 11.12.2022.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 15a8
Start Time: 01d90fc2e1e4f190
Termination Time: 31

Error: (12/14/2022 09:06:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application firefox.exe, version 52.9.0.6746, time stamp 0x5b2bbbea, faulting module mozglue.dll, version 52.9.0.6746, time stamp 0x5b2bbbde, exception code 0x80000003, fault offset 0x0000fb33,
process id 0x1294, application start time 0x01d90edcb01cf184.

Error: (12/14/2022 09:06:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 52.9.0.6746 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: bfc
Start Time: 01d90edc94dfad44
Termination Time: 18181

Error: (12/14/2022 08:29:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.


System errors:
=============

==================== Memory info ===========================

BIOS: American Megatrends Inc. 5.16 10/01/2007
Motherboard: ASUSTeK Computer INC. Lancaster8
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 94%
Total physical RAM: 2038.64 MB
Available physical RAM: 103.16 MB
Total Virtual: 4890.55 MB
Available Virtual: 991.12 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:326.01 GB) (Free:241.9 GB) (Model: ST3360320AS ATA Device) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.34 GB) (Free:1.26 GB) (Model: ST3360320AS ATA Device) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 335.4 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=326 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 

[Malnutrition]

Ok, good give me a minute to go over this.

 

[jxdama]

I wanted to add occasionally a pop up will appear to find updates for drivers. When i click to find updates it always fails. Also, should i try another one of those browsers other than opera and could you send a link to opera 36. Its pretty confusing and i might not be trying to download the right opera. You are awesome for all the help.

 

[Malnutrition]

No lets just focus on this right now, you do not need to download anything while we do this unless instructed to do so by me while we complete this process.

 

[jxdama]

No lets just focus on this right now, you do not need to download anything while we do this unless instructed to do so by me while we complete this process.

OK

 

[Malnutrition]

FRST Fix.
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[jxdama]

I think i messed it up. can i start again?

 

[jxdama]

It says open to notepad. i dont know how to get it to desktop

 

[Malnutrition]

use this command in command promt as we did before.

move %userprofile%\Downloads\Fixlist.txt "%userprofile%\desktop

Then once the fixlist is on the desktop, right click FRST and click the fix button.

 

[jxdama]

says cannot find the file specified

 

[Malnutrition]

Change download locations​

You can choose a location on your computer where downloads should be saved by default or pick a specific destination for each download.

1. On your computer, open Chrome.
2. At the top right, click More
   
   
   Settings.
3. At the bottom, click Advanced
   
   Downloads.
4. Adjust your download settings:
   • To change the default download location, click Change and select where you'd like your files to be saved.
   • If you'd rather choose a specific location for each download, check the box next to "Ask where to save each file before downloading."

Then download and save fixlist to your desktop.

Click me to download fixlist.

 

[jxdama]

Im in firefox. can i do it in firefox? I cant find settings in firefox

 

[Malnutrition]

I suggest that you download Ublock Origin for firefox and chrome.

uBlock Origin - Free, open-source ad content blocker.

uBlock Origin is not just an “ad blocker“, it's a wide-spectrum content blocker with CPU and memory efficiency as a primary feature. Developed by Raymond Hill.

ublockorigin.com

---

Change where downloads are saved​

File downloads are saved in the folder specified in Firefox Settings . To change that folder:

1. Click the menu button
   
   and select Settings.
2. In the General panel, find the Downloads section under Files and Applications.
   
3. Click the Browsebutton next to the Save files to entry.
4. Choose the downloads folder you wish to use.

 

[jxdama]

Im in chrome and it wont download like it does in firefox. im so done

 

[jxdama]

Im back in firefox. i didnt even understand what chrome was doing. I went to control center to try and change settings there but i didnt know what to do.

 

[Malnutrition]

Ok, we will clear the other download and run it like this.
Download KpRM
start the program
Check Delete Tools'


Do the steps below in order this should get you going.

Then download the fixlist Click me to download fixlist.
Then download FRST 32 bit
Right click FRST run as admin and hit the fix button.

 

[jxdama]

are the settings in firefox in tools? I dont see settings

 

[jxdama]

Ok, we will clear the other download and run it like this.
Download KpRM
start the program
Check Delete Tools'


Do the steps below in order this should get you going.

Then download the fixlist Click me to download fixlist.
Then download FRST 32 bit
Right click FRST run as admin and hit the fix button.

Will that delete tools in the menu bar?

 

[Malnutrition]

Will that delete tools in the menu bar?

Nope, just the tools we used this will start you fresh, it will only delete FRST and the addition.txt and when you download fresh copies FRST and fixlog will be in your downloads folder and when you dick fix the tool will work as intended.