Two Farbar scans are here. Note: I remembered after I had begun a FRST scan that you wanted a reboot after the JRT session. I could not find a way to terminate the scan in progress, so I just shut down the computer to reboot. This may show up in the data, but it was intentional.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by - (administrator) on --- (04-09-2015 10:45:54)
Running from C:\Users\-\Desktop
Loaded Profiles: - (Available Profiles: - & G2G)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sysinternals - www.sysinternals.com) C:\Windows\Sysmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\shellmon.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1378250238\ee\aolsoftware.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE [72296 2014-07-02] (AOL Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.94.156.15 68.94.157.15 192.168.0.1
Tcpip\..\Interfaces\{B3108319-D40F-461F-9AEC-F44EE2E2F432}: [DhcpNameServer] 68.94.156.15 68.94.157.15 192.168.0.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {8E1D5C6C-692F-4D26-982E-63A4D052AB5B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {8E1D5C6C-692F-4D26-982E-63A4D052AB5B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://online.novanthealth.org/dana-cached/sc/JuniperSetupClient.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-05] (CANON INC.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2010-01-04] (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3041954770-2689275738-3687636849-1000: @hulu.com/Hulu Desktop -> C:\Users\-\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [{4C0766D3-67A7-45a3-85A2-752F77312F32}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-05-25] (Macrovision Europe Ltd.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-09-16] (Hewlett-Packard Company) [File not signed]
R2 Sysmon; C:\Windows\Sysmon.exe [815248 2015-09-03] (Sysinternals - www.sysinternals.com)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-11-13] (C-Media Inc)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R0 SysmonDrv; C:\WINDOWS\SysmonDrv.sys [95568 2015-09-03] (Sysinternals - www.sysinternals.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 P17; system32\drivers\P17.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-04 10:36 - 2015-09-04 10:46 - 00015823 _____ C:\Users\-\Desktop\FRST.txt
2015-09-04 10:16 - 2015-09-04 10:16 - 01799392 _____ (Malwarebytes Corporation) C:\Users\-\Desktop\JRT.exe
2015-09-03 20:06 - 2015-09-03 20:06 - 00293136 _____ C:\WINDOWS\Minidump\090315-29234-01.dmp
2015-09-03 18:23 - 2015-09-03 18:23 - 00001304 _____ C:\Users\-\Desktop\Notepad.lnk
2015-09-03 18:10 - 2015-09-03 19:51 - 00000000 ____D C:\Users\-\AppData\Roaming\tor
2015-09-03 18:02 - 2015-09-03 20:06 - 511173455 _____ C:\Program Files\MEMORY.DMP
2015-09-03 18:02 - 2015-09-03 20:06 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-03 18:02 - 2015-09-03 18:02 - 00293136 _____ C:\WINDOWS\Minidump\090315-23041-01.dmp
2015-09-03 17:27 - 2015-09-03 18:14 - 00002141 _____ C:\WINDOWS\system32\1
2015-09-03 17:11 - 2015-09-03 17:11 - 07134400 _____ (Sysinternals - www.sysinternals.com) C:\Users\-\Desktop\disk2vhd.exe
2015-09-03 16:49 - 2015-09-03 16:49 - 00000000 ____D C:\Users\G2G\AppData\Roaming\Hewlett-Packard
2015-09-03 16:48 - 2015-09-03 16:49 - 00000000 ____D C:\Users\G2G\AppData\Local\Hewlett-Packard
2015-09-03 16:48 - 2015-09-03 16:48 - 00001419 _____ C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-03 16:48 - 2015-09-03 16:48 - 00000020 ___SH C:\Users\G2G\ntuser.ini
2015-09-03 16:48 - 2015-09-03 16:48 - 00000000 ____D C:\Users\G2G\AppData\Roaming\Adobe
2015-09-03 16:48 - 2015-09-03 16:48 - 00000000 ____D C:\Users\G2G\AppData\Local\VirtualStore
2015-09-03 16:48 - 2015-09-03 16:48 - 00000000 ____D C:\Users\G2G
2015-09-03 16:48 - 2012-10-13 13:27 - 00000000 ____D C:\Users\G2G\AppData\Roaming\TuneUp Software
2015-09-03 16:48 - 2012-10-06 13:14 - 00000000 ___RD C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-03 16:48 - 2012-10-06 13:14 - 00000000 ___RD C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-03 16:48 - 2010-05-23 00:59 - 00000000 ____D C:\Users\G2G\AppData\Local\Microsoft Help
2015-09-03 16:48 - 2010-01-21 22:44 - 00001972 _____ C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
2015-09-03 10:34 - 2015-09-03 10:34 - 01118208 _____ C:\Users\-\Desktop\SysMon.evtx
2015-09-03 10:23 - 2015-09-03 10:23 - 00710948 _____ C:\WINDOWS\system32\CFG2825601889
2015-09-03 10:19 - 2015-09-03 10:19 - 00815248 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\Sysmon.exe
2015-09-03 10:19 - 2015-09-03 10:19 - 00095568 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\SysmonDrv.sys
2015-09-03 10:18 - 2015-09-03 10:18 - 01521296 _____ (Sysinternals - www.sysinternals.com) C:\Users\-\Desktop\sysmon.exe
2015-09-02 16:39 - 2015-09-02 16:39 - 02188800 _____ (Farbar) C:\Users\-\Desktop\FRST64.exe
2015-09-02 11:57 - 2015-09-02 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DIY DataRecovery MBRtool
2015-09-02 11:57 - 2015-09-02 11:57 - 00000000 ____D C:\Program Files (x86)\DIY DataRecovery MBRtool
2015-09-02 11:55 - 2015-09-02 11:55 - 02383977 _____ (DIY DataRecovery.nl ) C:\Users\-\Desktop\MBRtool_Setup.exe
2015-09-02 09:06 - 2015-09-02 09:06 - 00000000 ____D C:\Users\-\Desktop\FRST-OlderVersion
2015-09-01 11:51 - 2013-09-04 14:57 - 00031264 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2015-09-01 11:51 - 2013-05-23 08:39 - 00041032 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2015-08-31 10:45 - 2015-08-31 10:45 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-----Windows-7-Home-Premium-(64-bit).dat
2015-08-31 10:44 - 2015-08-31 10:44 - 00000000 ____D C:\RegBackup
2015-08-31 10:43 - 2015-08-31 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-08-31 10:43 - 2015-08-31 10:43 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-08-31 01:03 - 2015-09-04 10:45 - 00000000 ____D C:\FRST
2015-08-30 20:13 - 2015-08-31 01:20 - 00000000 ____D C:\Users\-\AppData\Local\Adobe
2015-08-30 19:28 - 2015-09-01 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-30 19:28 - 2015-09-01 15:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-28 22:14 - 2015-08-28 22:14 - 00000000 ____D C:\Users\-\AppData\Local\Apple
2015-08-15 13:51 - 2015-08-15 13:51 - 00000205 _____ C:\Users\-\Desktop\C-Media PCI Audio - Shortcut (2).lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-04 10:43 - 2010-03-19 08:29 - 01233668 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-04 10:38 - 2012-10-07 23:51 - 13891400 _____ C:\WINDOWS\PFRO.log
2015-09-04 10:38 - 2012-10-07 11:38 - 00017866 _____ C:\WINDOWS\setupact.log
2015-09-04 10:38 - 2009-07-14 01:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-04 10:08 - 2010-05-23 18:20 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-04 09:31 - 2014-09-17 10:13 - 00000000 ____D C:\ProgramData\MFAData
2015-09-03 23:55 - 2014-09-16 14:37 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-03 22:54 - 2009-07-14 00:45 - 00018736 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-03 22:54 - 2009-07-14 00:45 - 00018736 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-03 22:39 - 2009-07-14 01:38 - 00025600 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2015-09-03 22:39 - 2009-07-14 01:32 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-09-02 11:47 - 2009-07-14 01:13 - 00786598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-02 11:02 - 2010-05-20 13:53 - 00000000 ____D C:\Users\-
2015-09-02 11:00 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\registration
2015-09-01 16:17 - 2012-10-06 11:14 - 00000000 ___RD C:\Users\-\Desktop\Security
2015-08-31 00:24 - 2010-06-12 14:00 - 00000000 ____D C:\Users\-\AppData\Roaming\HpUpdate
2015-08-31 00:17 - 2014-09-26 23:41 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-08-31 00:17 - 2014-09-26 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-31 00:17 - 2014-09-16 14:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-31 00:17 - 2010-05-25 00:17 - 00000000 ____D C:\ProgramData\FLEXnet
2015-08-31 00:17 - 2010-05-22 18:59 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-31 00:17 - 2010-05-20 13:53 - 00000000 ____D C:\Users\-\AppData\Local\Hewlett-Packard
2015-08-31 00:17 - 2010-01-21 23:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-08-31 00:17 - 2010-01-21 22:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-08-31 00:17 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-31 00:13 - 2014-04-11 03:33 - 00000000 ____D C:\Users\-\AppData\Local\AOL
2015-08-30 22:11 - 2014-09-27 00:01 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-27 22:06 - 2014-05-19 00:46 - 00000000 ____D C:\Users\-\Documents\Barrow Broadcasting (Batten)
2015-08-27 19:30 - 2015-07-02 10:45 - 00000000 ____D C:\Users\-\Desktop\Syner West Virginia Translator
2015-08-19 11:26 - 2012-04-24 22:17 - 00000000 ____D C:\Users\-\AppData\Roaming\licenses
2015-08-11 18:55 - 2014-03-20 12:14 - 00000000 ____D C:\Users\-\Desktop\WZOO Asheboro
2015-08-11 02:05 - 2013-08-21 23:41 - 00000000 ____D C:\Users\-\AppData\Local\Deployment
2015-08-09 10:58 - 2015-08-02 22:52 - 00000000 ____D C:\Users\-\Desktop\Golf With Dave and Family 8-2-16
==================== Files in the root of some directories =======
2015-09-03 18:02 - 2015-09-03 20:06 - 511173455 _____ () C:\Program Files\MEMORY.DMP
2012-12-21 21:34 - 2012-12-21 21:34 - 0751078 _____ () C:\Users\-\AppData\Roaming\1.bmp
2012-12-21 21:34 - 2012-12-21 21:34 - 0114890 _____ () C:\Users\-\AppData\Roaming\1.jpg
2012-11-05 00:15 - 2012-11-05 00:37 - 0000077 _____ () C:\Users\-\AppData\Roaming\Rim.Desktop.Exception.log
2012-11-05 00:14 - 2012-11-05 00:14 - 0001153 _____ () C:\Users\-\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-11-05 00:15 - 2012-11-05 00:37 - 0000077 _____ () C:\Users\-\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-02-04 23:15 - 2014-02-04 23:15 - 0000000 _____ () C:\Users\-\AppData\Roaming\SharedSettings.ccs
2011-05-15 12:36 - 2011-05-15 12:36 - 0020179 _____ () C:\Users\-\AppData\Roaming\UserTile.png
2010-05-22 21:56 - 2010-05-22 21:56 - 0000000 _____ () C:\Users\-\AppData\Roaming\wklnhst.dat
2010-11-21 23:40 - 2015-02-12 10:40 - 0010240 _____ () C:\Users\-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 14:46 - 2012-08-10 14:46 - 0027520 _____ () C:\Users\-\AppData\Local\dt.dat
2010-06-02 18:25 - 2014-10-29 10:20 - 0007603 _____ () C:\Users\-\AppData\Local\Resmon.ResmonCfg
2015-07-13 11:36 - 2015-07-13 11:36 - 0000057 _____ () C:\ProgramData\Ament.ini
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-01 10:44
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by - (2015-09-04 10:47:13)
Running from C:\Users\-\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
- (S-1-5-21-3041954770-2689275738-3687636849-1000 - Administrator - Enabled) => C:\Users\-
Administrator (S-1-5-21-3041954770-2689275738-3687636849-500 - Administrator - Disabled)
G2G (S-1-5-21-3041954770-2689275738-3687636849-1001 - Administrator - Enabled) => C:\Users\G2G
Guest (S-1-5-21-3041954770-2689275738-3687636849-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
All Video Downloader V 1.5 (HKLM-x32\...\All Video Downloader_is1) (Version: 1.5.0.0 - allvideodownloader.com)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression for Kodak (HKLM-x32\...\{9B260944-746E-4966-8918-0F9636930456}) (Version: 2.0.24.1127 - ArcSoft)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies)
AVG 2015 (Version: 15.0.4409 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Contents (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
Corel VideoStudio Ultimate X6 (HKLM-x32\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.1.0.45 - Corel Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DIY DataRecovery MBRtool (HKLM-x32\...\MBRtool_is1) (Version: 2.3.200 - DIY DataRecovery.nl)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8100 Basic Device Software (HKLM\...\{E6403545-8324-47B4-ADCD-4F8A4CD8A1E1}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Help (HKLM-x32\...\{F80C8BC5-F15E-41AE-80BB-7BF670B56BA2}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8100 Product Improvement Study (HKLM\...\{80008B59-74E1-4284-BD1D-A73A22FB5C32}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
ICA (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
IPM_VS_Pro (x32 Version: 16.0 - Corel Corporation) Hidden
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{BE7E6C3D-A42B-4BA3-9767-124EB8ED27E3}) (Version: 1.18.19.1 - LightScribe)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
MakeMKV v1.8.1 (HKLM-x32\...\MakeMKV) (Version: v1.8.1 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Setup (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
Share (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
Share64 (Version: 16.1.0.45 - Corel Corporation) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSClassic (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
VSHelp (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
VSUltimate (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Ze Converter V 1.1 (HKLM-x32\...\Ze Converter_is1) (Version: 1.1.0.0 - zeconverter.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
17-08-2015 13:47:53 Scheduled Checkpoint
25-08-2015 14:10:23 Scheduled Checkpoint
27-08-2015 03:31:13 Restore Operation
31-08-2015 10:33:59 before malware fix
02-09-2015 09:07:52 Restore Point Created by FRST
02-09-2015 09:53:01 Restore Point Created by FRST
02-09-2015 10:57:03 Restore Operation
02-09-2015 16:32:38 Restore Point Created by FRST
03-09-2015 10:21:57 Restore Point Created by FRST
04-09-2015 10:06:53 Removed Java 7 Update 67
04-09-2015 10:16:53 JRT Pre-Junkware Removal
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2012-10-08 22:58 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3053F8DB-36F9-499C-B067-5CA2745C74DF} - System32\Tasks\{37D41F28-B1FB-4749-BF2D-664E8630CCE4} => C:\Program Files (x86)\AOL Desktop 9.6\aol.exe
Task: {3B4FC1B6-8937-4306-8D2B-A511B2472265} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {3EF3A432-E780-4BDF-978C-BA8593E6FC01} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {52099A30-B699-4176-BC3A-DC2DAB6D0978} - System32\Tasks\{C534A890-E878-4DBD-A113-D019B7671CE4} => C:\Program Files (x86)\AOL Desktop 9.6\aol.exe
Task: {6FB680D9-00F8-48B9-9295-02CA5F5ACD85} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ACD5441E-EBAC-43E6-916C-2CD77A80C77D} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {C6ADEFDB-5BFB-4C0E-AE6C-BC4F891D4784} - System32\Tasks\HPCustParticipation HP Officejet Pro 8100 => C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPCustPartic.exe [2012-11-01] (Hewlett-Packard Co.)
Task: {C91A757A-3C17-4A85-8591-13908F1F3B8B} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {F14F809F-516C-4633-A9E5-7556216A8F2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {F5D3099D-9881-4323-B32E-B5B9CD1BDEB4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN27RBK0QK => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Loaded Modules (Whitelisted) ==============
2009-09-14 20:17 - 2009-09-14 20:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-07-02 05:17 - 2014-07-02 05:17 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\zlib.dll
2014-07-02 05:17 - 2014-07-02 05:17 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\libcef.dll
2014-07-02 05:17 - 2014-07-02 05:17 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\libglesv2.dll
2014-07-02 05:17 - 2014-07-02 05:17 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\libegl.dll
2009-10-22 22:50 - 2009-10-22 22:50 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\-\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.94.156.15 - 68.94.157.15
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeActiveFileMonitor7.0 => 2
MSCONFIG\Services: AOL ACS => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^-^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b3zrgk.lnk => C:\Windows\pss\b3zrgk.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE" -b
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: ArcSoft MediaImpression Monitor => C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: CmPCIaudio => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1378250238\ee\AOLSoftware.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PC-Doctor for Windows localizer => C:\Program Files\PC-Doctor for Windows\localizer.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{828C3C71-3431-4546-8F89-2AD9F7CC4BCE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{69E0403C-D2E2-46E8-89D6-E3E7F8B36CBE}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{F351DE41-C0DB-468F-B577-4461D91CC6CC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{79D212D7-C4EC-430B-B882-7155B025107B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{9317C0DF-3AA4-4DAF-B440-C334A6C7504D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{E4C7F735-3720-446F-AECE-44AD2A42F9BF}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{0DFF4545-37E2-4AE9-A030-C14340594D8E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{185621C1-D1A6-40FA-8DB2-FE128569BA16}] => (Allow) svchost.exe
FirewallRules: [{B3EC2BB3-FAEC-4142-996D-4C7211D2E49D}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{67038F88-38AB-4237-8563-ED6C30523C21}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{38BBEF36-93D4-4874-9636-15DB80FB4A84}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{6B1B117A-33C4-4C3B-BD87-DE5E2AAF81B0}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{479373E9-253D-4013-936A-189E910DA642}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{D680CF66-7E01-499B-B438-8338B35D3678}] => (Allow) C:\Program Files (x86)\Common Files\aol\1275514242\ee\aolsoftware.exe
FirewallRules: [{3C427E61-6864-4627-BC1A-57DDEB892096}] => (Allow) C:\Program Files (x86)\Common Files\aol\1275514242\ee\aolsoftware.exe
FirewallRules: [{ABDD54AA-1B38-4822-BC8F-786E5A5062D2}] => (Allow) C:\Program Files (x86)\AOL 9.5\waol.exe
FirewallRules: [{86660C72-385C-4DC7-BCC4-CB70EF6BB4DB}] => (Allow) C:\Program Files (x86)\AOL 9.5\waol.exe
FirewallRules: [{2BADC056-AB37-4A47-92B1-02E4A688818C}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{187347AD-03DA-40B4-BD1C-552DC07C97BA}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{ED7CC2CB-F889-415C-B35F-989646E78EA5}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{13C8C421-672E-432F-84D4-8F4A88E49CAD}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{3DB96FDC-EAAB-4E8E-B8A4-5284C984C6E3}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{69BCD9C5-ADB9-48B9-B89D-B3A632C95903}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{4D71495B-B256-464B-A0FB-54A82610C787}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{836EDBC5-ED92-47D3-B996-E5861B714058}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [TCP Query User{982CD36C-18F5-441C-BE90-8C3D2A8C726F}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{7C9B33DC-04F6-4BB9-8193-83EABE97205D}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{8474E0ED-4C47-41E6-B15B-0AA7C9136A65}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{EA0B01D1-43B4-4302-AA4F-2D6C11876D4E}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{262A870F-0787-4E2F-B79F-B29284C9F03D}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{286BF60D-FA07-4351-80A2-C96014778572}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{2C5C0F43-498D-494A-8168-3B1F2CCA5DC4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A2AF8B3A-7A96-42EC-A482-3A1A07ACB945}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB8C8D43-ACFD-416D-8F53-859984496462}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{59362BC2-9F9D-4C85-90D5-F996967E92C5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A630FCFC-51BE-4D26-8912-16AE13EC2EB6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ECC2DC52-217E-4899-BCC6-65FFA80C2C94}] => (Allow) LPort=2869
FirewallRules: [{B93828FB-DCA5-4C9B-950E-5AC57A8955D1}] => (Allow) LPort=1900
FirewallRules: [{BA758F7C-B0F5-4507-A54E-6F1EA96DEB91}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E55FD219-0A0D-4FC9-BE36-928665D390BD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9018F4FE-1F21-4EB8-9CD6-6A4867AC5CC8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{D365654D-7966-442E-BE23-95A09A26623F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{A2ADC619-D9C6-460D-9B95-3B7DEB1D8C91}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1376918974\ee\aolsoftware.exe
FirewallRules: [{280F311B-F320-4880-9978-5209D4B8BAB7}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1376918974\ee\aolsoftware.exe
FirewallRules: [{27C90569-C251-4F09-9C48-82F7B5F09436}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{97CD47B0-FEDA-437C-AD36-D35F84BCE3E2}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{DEDFBCED-4F46-4260-BCA7-6F23C432EF35}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{7BD0A31C-094C-4BEA-AB66-152056CB1F7D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [TCP Query User{F16CE905-99EC-4CF8-A043-61ADEBCE9DBE}C:\program files (x86)\microsoft office\office12\winword.exe] => (Allow) C:\program files (x86)\microsoft office\office12\winword.exe
FirewallRules: [UDP Query User{1A687E59-1ABB-42CB-887E-538EF6FBC4EB}C:\program files (x86)\microsoft office\office12\winword.exe] => (Allow) C:\program files (x86)\microsoft office\office12\winword.exe
FirewallRules: [{5351B3E1-9320-4959-907C-3E21F440682E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1378250238\ee\aolsoftware.exe
FirewallRules: [{412B48EF-713C-40DF-8E78-C272AF09799C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1378250238\ee\aolsoftware.exe
FirewallRules: [{46933582-BA2B-4D3B-B51C-B5E24F2420D7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{0C8277BA-84F8-4D86-A39E-535CA7C78E34}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{B9327A15-E829-4A6B-9F09-10CB0EEB5E3A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{254BEEEE-E622-48C7-A1AF-CCFA38892833}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{054511D7-D411-4BF5-AF55-CCA6F5972F37}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{5072425E-8AE2-42A4-AA6F-CFBA85EA59FF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{CE840254-4753-48B2-97B8-C317B0677E78}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe
FirewallRules: [{9FE6F0A6-012A-40FD-BB44-1E809BF33EC3}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe
FirewallRules: [{B0BE02C1-87BF-422B-9944-15BDCA540736}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1E9F1667-F866-4EB4-86CF-2E2CA2012DEC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{C3624C40-F71F-42B2-B53C-88A44E88AE11}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{9794F58E-6D11-48AA-8328-647B2B4E2C43}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{ED5B54FE-1ED5-49A0-B7FA-F4268C57620D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{8917E214-A472-4114-BB12-1503645629F6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{1F2794BD-4DED-493C-AF7A-146FCBBF9199}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{6A121635-12D8-4CFD-B188-92A888B770F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{12059287-6703-4C90-84FA-CEFA4F891360}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8100\Bin\DeviceSetup.exe
FirewallRules: [{02F5FEB0-5189-4460-9961-97CD62042CE8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E881B41F-D5D4-4CA9-95B5-13972152A774}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{9B4411CD-AD03-43E9-8097-61624E3DCA46}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{ADFD401D-0557-436F-86EF-E12C878B2DF5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{565EDCF5-4971-43A5-97E8-B19046B0A3E4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FBFA60BF-AEFD-4D26-9775-8B8D49600DAE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{7AB5A778-FAA6-41EF-8EF7-8D182223394E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{43345F4C-E535-4DAC-9262-6A01CF1D8560}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/03/2015 10:44:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00014f08
Faulting process id: 0x878
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (09/03/2015 09:11:40 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{501e0625-3352-11df-b392-806e6f6e6963} - 000000000000013C,0x0053c06c,000000000042DE10,0,000000000042CE00,4096,[0]). hr = 0x8007045d, The request could not be performed because of an I/O device error.
.
Operation:
Automatically choosing a diff-area volume
Processing EndPrepareSnapshots
Context:
Execution Context: System Provider
Error: (09/03/2015 09:11:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9dd3830f-c695-420f-aaec-d0827320cd8c}
Error: (09/03/2015 08:39:14 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{501e0625-3352-11df-b392-806e6f6e6963} - 000000000000013C,0x0053c06c,000000000057DE10,0,000000000057CE00,4096,[0]). hr = 0x8007045d, The request could not be performed because of an I/O device error.
.
Operation:
Automatically choosing a diff-area volume
Processing EndPrepareSnapshots
Context:
Execution Context: System Provider
Error: (09/03/2015 08:39:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9dd3830f-c695-420f-aaec-d0827320cd8c}
Error: (09/03/2015 05:59:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/03/2015 05:59:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/03/2015 05:59:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WeatherBug.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a68
Start Time: 01d0e6937a3355b0
Termination Time: 182
Application Path: C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
Report Id: 021c39d9-5287-11e5-8060-00038a000015
Error: (09/03/2015 05:28:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x59c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (09/03/2015 05:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00014f08
Faulting process id: 0xb4c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
System errors:
=============
Error: (09/04/2015 10:41:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (09/04/2015 10:18:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).
Error: (09/04/2015 10:18:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (09/04/2015 10:18:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
Error: (09/04/2015 10:18:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
Error: (09/04/2015 10:18:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (09/04/2015 10:18:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/04/2015 10:18:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sysmon service terminated unexpectedly. It has done this 1 time(s).
Error: (09/04/2015 10:18:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
Error: (09/04/2015 10:18:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office:
=========================
Error: (03/29/2013 02:06:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 70 seconds with 60 seconds of active time. This session ended with a crash.
Error: (03/29/2013 02:04:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2730 seconds with 2280 seconds of active time. This session ended with a crash.
CodeIntegrity:
===================================
Date: 2012-10-08 22:55:22.736
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-10-08 22:55:22.649
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-05-24 13:49:11.798
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmudax3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-05-24 13:49:11.767
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmudax3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-05-22 17:57:35.945
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmudax3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-05-22 17:57:35.914
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmudax3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-05-22 17:56:01.766
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmudax3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-05-22 17:56:01.766
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmudax3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-05-22 17:54:00.382
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\-\AppData\Local\Temp\{62B9EEF3-3A54-4B7C-8923-B55131312D72}\{0DFF25A2-876E-4E5D-B97A-78BD400AE68B}\cmiainfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-05-22 17:54:00.366
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\-\AppData\Local\Temp\{62B9EEF3-3A54-4B7C-8923-B55131312D72}\{0DFF25A2-876E-4E5D-B97A-78BD400AE68B}\cmiainfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD Athlon II X4 620 Processor
Percentage of memory in use: 61%
Total physical RAM: 5887.24 MB
Available physical RAM: 2252.15 MB
Total Virtual: 11772.66 MB
Available Virtual: 8160.72 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:920.06 GB) (Free:797.45 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.91 GB) (Free:1.58 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive z: (SYSTEM) (Fixed) (Total:0.44 GB) (Free:0.39 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.1 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================