Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2016
Ran by Administrator (2016-07-10 04:04:13)
Running from D:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2016-05-18 17:48:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1292428093-1220945662-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1292428093-1220945662-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1292428093-1220945662-1177238915-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1292428093-1220945662-1177238915-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 3.0 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AutoPlay Media Studio 8 (HKLM\...\AutoPlay Media Studio 8) (Version: 8.5.0.0 - Indigo Rose Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
IE7Pro (HKLM\...\IE7Pro) (Version: 2.5.1 - IE7Pro Team)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Malwarebytes Anti-Malware النسخة 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up (HKLM\...\Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1) (Version: - )
Snagit 10.0.1 (HKLM\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation)
Snagit Stamps GeneratedStamps (Version: 1.0.0.0 - TechSmith Corporation) Hidden
Transparent Image Converter 1.1 (HKLM\...\{DBBA30DF-C284-4684-84AB-FF66F35D568C}) (Version: 1.0.0 - Microsoft)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4.3 - CrystalIDEA Software, Inc.)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39) (HKLM\...\2DA959FE3D6F0F5BC313481E72071D510DD786FB) (Version: 12/19/2007 9.0.4.39 - Intel)
Windows Driver Package - Realtek Semiconductor Corp. (RTL8023xp) Net (03/25/2009 5.719.0325.2009) (HKLM\...\085FF8DA84BC0ED2DB7AFC71FF1D5EF864A9C50D) (Version: 03/25/2009 5.719.0325.2009 - Realtek Semiconductor Corp.)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
WinRAR 5.20 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.1 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1292428093-1220945662-1177238915-500_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> D:\Documents and Settings\Administrator\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1292428093-1220945662-1177238915-500_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> D:\Documents and Settings\Administrator\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1292428093-1220945662-1177238915-500_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> D:\Documents and Settings\Administrator\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1292428093-1220945662-1177238915-500_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> D:\Documents and Settings\Administrator\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: D:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job => D:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Task: D:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job => D:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Task: D:\WINDOWS\Tasks\User_Feed_Synchronization-{1C409140-EAAC-44E0-9E0A-98E2A2BE0273}.job => D:\WINDOWS\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-18 18:43 - 2010-10-27 01:06 - 00057344 _____ () D:\Program Files\notepad++\NppShell_02.dll
2016-05-18 18:43 - 2010-07-04 23:32 - 00010752 _____ () D:\WINDOWS\system32\UnlockerCOM.dll
2016-05-18 18:43 - 2008-08-13 19:20 - 00153600 _____ () D:\WINDOWS\system32\FGShellExt.dll
2016-05-18 18:43 - 2005-04-26 22:58 - 00014848 _____ () D:\WINDOWS\system32\DirLister\DirListerExt.dll
2016-05-18 18:43 - 2006-04-14 18:23 - 00114688 _____ () D:\WINDOWS\system32\HiddenFilesToggle.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\batfile\DefaultIcon: D:\WINDOWS\system32\shell32.dll,-278 <===== ATTENTION
HKLM\...\comfile\DefaultIcon: D:\WINDOWS\system32\shell32.dll,-52 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 13:00 - 2016-05-28 20:45 - 00000734 ____A D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1292428093-1220945662-1177238915-500\Control Panel\Desktop\\Wallpaper -> D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: D:^Documents and Settings^Administrator^Start Menu^Programs^Startup^AvaFind.lnk => D:\WINDOWS\pss\AvaFind.lnkStartup
MSCONFIG\startupfolder: D:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PandaUSBVaccine.lnk => D:\WINDOWS\pss\PandaUSBVaccine.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "D:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CTFMON.EXE => D:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DrvIcon => D:\WINDOWS\system32\DrvIcon.exe
MSCONFIG\startupreg: egui => "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: HotKeysCmds => D:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => D:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: lclock => D:\WINDOWS\system32\lclock\Clock.exe
MSCONFIG\startupreg: Persistence => D:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: PowerMenu => D:\WINDOWS\system32\PowerMenu\PowerMenu.exe -hideself on
MSCONFIG\startupreg: Startup Monitor => D:\WINDOWS\system32\Startup Monitor.exe
MSCONFIG\startupreg: Taskbar Shuffle => D:\WINDOWS\system32\taskbarshuffle.exe
MSCONFIG\startupreg: TaskSwitch => D:\WINDOWS\system32\TaskSwitchXP.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [D:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (D:\Program Files\Mozilla Firefox)

==================== Restore Points =========================

10-07-2016 03:03:01 System Checkpoint
10-07-2016 03:04:52 55555

==================== Faulty Device Manager Devices =============

Name: Audio Device on High Definition Audio Bus
Description: Audio Device on High Definition Audio Bus
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Modem Device on High Definition Audio Bus
Description: Modem Device on High Definition Audio Bus
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2016 03:08:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante frst.exe, version 3.6.2016.0, module défaillant frst.exe, version 3.6.2016.0, adresse de défaillance 0x000211de. Traitement de l'événement propre au support pour [frst.exe!ws!]

Error: (07/09/2016 08:08:21 AM) (Source: VBRuntime) (EventID: 1) (User: )
Description: The VB Application identified by the event source logged this Application MSICUU: Thread ID: 1672 ,Logged: Success: D:\Program Files\Windows Installer Clean Up\msizap.exe TW! {4EAE8F8E-0C2E-4814-9A04-635AFB9050AA}

Error: (07/09/2016 02:48:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante setup.exe, version 11.50.0.42618, module défaillant setup.dll, version 11.50.0.42618, adresse de défaillance 0x0001f588. Traitement de l'événement propre au support pour [setup.exe!ws!]

Error: (07/08/2016 09:45:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante plugin-container.exe, version 43.0.1.5828, module défaillant mozglue.dll, version 43.0.1.5828, adresse de défaillance 0x0000ed63. Traitement de l'événement propre au support pour [plugin-container.exe!ws!]

Error: (06/28/2016 12:48:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante snagit32.exe, version 10.0.1.58, module défaillant msvcr90.dll, version 9.0.21022.8, adresse de défaillance 0x0003b690. Traitement de l'événement propre au support pour [snagit32.exe!ws!]

Error: (05/26/2016 10:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante mxcrashreport.exe, version 3.0.1.6, module défaillant maxzlib.dll, version 1.2.3.6, adresse de défaillance 0x00012ec8. Traitement de l'événement propre au support pour [mxcrashreport.exe!ws!]

Error: (05/26/2016 10:18:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante mxcrashreport.exe, version 3.0.1.6, module défaillant maxzlib.dll, version 1.2.3.6, adresse de défaillance 0x00012ec8. Traitement de l'événement propre au support pour [mxcrashreport.exe!ws!]

Error: (05/24/2016 10:57:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante , version 0.0.0.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000. Traitement de l'événement propre au support pour [!ws!]

Error: (05/24/2016 05:26:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante , version 0.0.0.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000. Traitement de l'événement propre au support pour [!ws!]

Error: (05/23/2016 11:36:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante , version 0.0.0.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000. Traitement de l'événement propre au support pour [!ws!]

System errors:
=============
Error: (07/09/2016 11:10:29 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Le bail de l'adresse IP 192.168.1.5 pour la carte réseau dont l'adresse réseau est 0013CEA0306E a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).

Error: (07/09/2016 08:14:21 AM) (Source: DCOM) (EventID: 10005) (User: LIGHT-SP3)
Description: DCOM a reçu l'erreur "%%1058" lors de la mise en route du service wuauserv avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/08/2016 08:52:04 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Le bail de l'adresse IP 192.168.1.5 pour la carte réseau dont l'adresse réseau est 0013CEA0306E a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).

Error: (07/07/2016 09:22:54 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Le bail de l'adresse IP 192.168.1.5 pour la carte réseau dont l'adresse réseau est 0013CEA0306E a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).

Error: (07/06/2016 10:51:58 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Le bail de l'adresse IP 192.168.1.5 pour la carte réseau dont l'adresse réseau est 0013CEA0306E a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).

Error: (06/29/2016 06:06:09 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Le bail de l'adresse IP 192.168.1.4 pour la carte réseau dont l'adresse réseau est 0013CEA0306E a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).

Error: (06/28/2016 12:46:25 PM) (Source: W32Time) (EventID: 34) (User: )
Description: Le service de temps a détecté que l'heure système doit être modifiée de -2815143 secondes. Le service de temps ne va pas modifier l'heure système de plus de -54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont corrects et que la source de temps time.windows.com (ntp.m|0x1|192.168.1.4:123->40.69.40.157:123) fonctionne correctement.

Error: (06/29/2016 08:24:04 PM) (Source: W32Time) (EventID: 34) (User: )
Description: Le service de temps a détecté que l'heure système doit être modifiée de -2930348 secondes. Le service de temps ne va pas modifier l'heure système de plus de -54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont corrects et que la source de temps time.windows.com (ntp.m|0x1|192.168.1.4:123->40.69.40.157:123) fonctionne correctement.

Error: (05/26/2016 06:45:23 PM) (Source: W32Time) (EventID: 34) (User: )
Description: Le service de temps a détecté que l'heure système doit être modifiée de -169173 secondes. Le service de temps ne va pas modifier l'heure système de plus de -54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont corrects et que la source de temps time.windows.com (ntp.m|0x1|192.168.1.4:123->52.169.179.91:123) fonctionne correctement.

Error: (05/21/2016 05:24:24 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Le bail de l'adresse IP 192.168.1.6 pour la carte réseau dont l'adresse réseau est 0013CEA0306E a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) M processor 1.73GHz
Percentage of memory in use: 92%
Total physical RAM: 502.05 MB
Available physical RAM: 39.97 MB
Total Virtual: 1227.16 MB
Available Virtual: 588.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:55.79 GB) (Free:50.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 55.9 GB) (Disk ID: FD4DFD4D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================