
Unknown toolbar / Kaspersky / Norton



#1
Amanda Martin (Member)

Mom's comp got infected from a fraudy website. She has Kaspersky and Norton. Kaspersky says Norton is disabled. Norton shows it's working just fine. She also has a weird toolbar on the desktop. No idea where to start to fix this. Please help!



#2
RKinner (Malware Expert)

If you have Kaspersky and Norton your PC is going to run very slowly as they will fight each other.  Uninstall Norton (make sure you are not still paying for it as they usually set up with an auto-charge on your credit card.)  Then:

 

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.



 



#3
Amanda Martin (Member, Topic Starter)

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2019
Ran by Owner (administrator) on OWNER-PC (HP-Pavilion NY429AA-ABA p6110y) (07-12-2019 11:16:36)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Agere Systems) C:\Program Files\LSI SoftModem\agr64svc.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\nortonsecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\nortonsecurity.exe
(The Weather Channel) [File not signed] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4700840 2016-11-17] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-10] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-10] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4700840 2016-11-17] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [DW7] => C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2014-01-11] (The Weather Channel) [File not signed]
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc -> Google Inc.)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe [468408 2009-06-05] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ATLANT~1.SCR
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe [2016-04-11] (Google Inc -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {26D0B43C-0ED6-4D4A-BA9A-0205B4C0D6A8} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard -> Hewlett-Packard)
Task: {7B770F17-E8B3-41A5-A6EF-FB4F88C6468E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-10] (Google Inc -> Google Inc.)
Task: {A099A9F1-AA1C-4A2F-A34E-387E09FE91DB} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\SymErr.exe [101904 2019-03-27] (Symantec Corporation -> Symantec Corporation)
Task: {A7AAAA45-C0C0-4C37-B6DA-62B898F0C0CE} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [86016 2009-02-24] (Hewlett-Packard) [File not signed]
Task: {CBB362F4-3CDA-437E-92CC-9400EA8E18D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-10] (Google Inc -> Google Inc.)
Task: {D37149E0-F980-463A-BF08-74723883AAA6} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\SymErr.exe [101904 2019-03-27] (Symantec Corporation -> Symantec Corporation)
Task: {E65B1AF6-7BDC-4BC4-B956-9F8F9669C352} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-752817650-2183412088-3519692294-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {EB1ED633-5561-4159-86A2-240ADEF73A6F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [3278664 2016-08-16] (Symantec Corporation -> Symantec Corporation)
Task: {F3B02793-570F-457D-BC4C-60AAADB3C505} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-752817650-2183412088-3519692294-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F86F5CFD-B0B2-483A-A3AF-4490B853B63F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\WSCStub.exe [2271192 2019-03-27] (Symantec Corporation -> Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26
Tcpip\..\Interfaces\{004DD533-337D-4FA5-A83E-81CD6DCB1AB4}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{BB87927F-FECB-4A54-94DD-CE5FDDDD1D49}: [DhcpNameServer] 192.168.0.1 205.171.3.26
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com?prt=ns&chn=1000880&geo=us&ver=22.9.1.12&locale=en_us&guid=99bdb360-45bd-11de-bea5-00248c7dd45b&doi=2016-03-14&o=APN11915
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=US&ver=22.15.2.22&locale=en_US&guid=99bdb360-45bd-11de-bea5-00248c7dd45b&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> {E4AC6792-B4AA-4C34-9858-E84C94B89383} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2013-10-08] (Eyeo GmbH -> Adblock Plus) [File not signed]
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.15.2.22\coIEPlg.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc -> Google Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2013-10-08] (Eyeo GmbH -> Adblock Plus) [File not signed]
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.15.2.22\coIEPlg.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-07-09] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media ) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.aol.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://eikgefpofckhgbnhklemehpincmanagp/newtab/quicktab.html", Not-active:"chrome-extension://afjkfckcefjophkghnnoiejdggocollc/product.html", Not-active:"chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Notifications: Default -> hxxp://www.aol.com; hxxps://mail.google.com; hxxps://www.aol.com; hxxps://www.aol.com; hxxps://www.truthfinder.com
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2019-12-07]
CHR Extension: (QuickWeatherTracker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjkfckcefjophkghnnoiejdggocollc [2019-12-06]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-03]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-03]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-09-02]
CHR Extension: (My Package Homepage) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eikgefpofckhgbnhklemehpincmanagp [2018-07-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2018-10-06]
CHR Extension: (Norton Safe Web) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-08]
CHR Extension: (Pinterest Save Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-11-09]
CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2017-11-26]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-04-27]
CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-12]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-14]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2008-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Agere Systems)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5911720 2016-11-17] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NortonSecurity; C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\NortonSecurity.exe [328648 2019-03-27] (Symantec Corporation -> Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Windows -> Microsoft Corporation)
R3 msiserver; %systemroot%\system32\msiexec /V [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1254400 2009-01-20] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20191203.001\BHDrvx64.sys [1952136 2019-09-27] (Symantec Corporation -> Symantec Corporation)
S3 BVRPMPR5; C:\Windows\SysWOW64\drivers\BVRPMPR5.SYS [44224 2006-10-05] (BVRP Software) [File not signed]
R1 ccSet_NGC; C:\Windows\system32\drivers\NGCx64\160F020.016\ccSetx64.sys [189152 2019-03-27] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-10-18] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2019-10-18] (Symantec Corporation -> Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20191205.061\IDSvia64.sys [1451016 2019-08-22] (Symantec Corporation -> Symantec Corporation)
R3 rt61x64; C:\Windows\System32\DRIVERS\netr6164.sys [390144 2008-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Ralink Technology, Corp.)
R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [195584 2009-01-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Corporation )
R3 SRTSP; C:\Windows\System32\Drivers\NGCx64\160F020.016\SRTSP64.SYS [846928 2019-03-27] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NGCx64\160F020.016\SRTSPX64.SYS [51168 2019-03-27] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\160F020.016\SYMEFASI64.SYS [1969312 2019-03-27] (Symantec Corporation -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-27] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NGCx64\160F020.016\Ironx64.SYS [307792 2019-03-27] (Symantec Corporation -> Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NGCx64\160F020.016\symtdiv.sys [468616 2019-03-27] (Symantec Corporation -> Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20170430.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20170430.001\NAVEX15.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-12-07 11:14 - 2019-12-07 11:14 - 002263552 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2019-12-07 11:14 - 2019-12-07 11:14 - 001991680 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-12-07 11:19 - 2016-07-23 16:43 - 000022687 _____ C:\Users\Owner\Downloads\FRST.txt
2019-12-07 11:17 - 2016-07-03 19:57 - 000000000 ____D C:\FRST
2019-12-07 11:12 - 2016-07-06 16:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-12-03 01:23 - 2006-11-02 07:22 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2019-12-03 01:23 - 2006-11-02 07:22 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-15 18:15 - 2013-04-01 16:00 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-15 18:15 - 2013-04-01 16:00 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-15 18:15 - 2009-07-02 20:57 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-09 08:16 - 2006-11-02 05:33 - 000000000 ____D C:\Windows\inf
2019-11-09 08:16 - 2006-11-02 04:46 - 000759542 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-09 08:10 - 2006-11-02 07:42 - 000000006 ____H C:\Windows\Tasks\SA.DAT
 
==================== Files in the root of some directories ========
 
2015-12-08 16:13 - 2015-12-08 16:13 - 004092246 _____ () C:\ProgramData\SMRResults501.dat
2013-10-19 02:00 - 2013-12-08 07:14 - 000000098 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2013-10-19 02:00 - 2013-12-08 07:14 - 000000006 _____ () C:\Users\Owner\AppData\Roaming\WBPU-TTL.DAT
2009-09-23 10:46 - 2018-10-31 17:19 - 000001410 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2009-07-02 17:25 - 2009-07-17 11:31 - 000000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2014-05-18 13:24 - 2014-05-18 13:25 - 000003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-31 19:08 - 2011-05-31 19:09 - 000362230 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI205B.txt
2011-10-31 07:06 - 2011-10-31 07:06 - 000359754 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI297B.txt
2011-06-04 19:14 - 2011-06-04 19:14 - 000361604 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI5CDE.txt
2009-09-17 18:11 - 2009-09-17 18:11 - 000415980 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI6B71.txt
2011-05-31 19:08 - 2011-05-31 19:09 - 000011174 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI205B.txt
2011-10-31 07:06 - 2011-10-31 07:06 - 000011142 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI297B.txt
2011-06-04 19:14 - 2011-06-04 19:14 - 000011206 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI5CDE.txt
2009-09-17 18:11 - 2009-09-17 18:11 - 000011382 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI6B71.txt
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-11-09 08:16

 

==================== End of FRST.txt ========================

 

addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2019
Ran by Owner (07-12-2019 11:20:27)
Running from C:\Users\Owner\Downloads
Windows Vista ™ Home Premium Service Pack 2 (X64) (2009-05-21 04:13:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-752817650-2183412088-3519692294-500 - Administrator - Disabled)
Guest (S-1-5-21-752817650-2183412088-3519692294-501 - Limited - Disabled)
Owner (S-1-5-21-752817650-2183412088-3519692294-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Disabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}
FW: Norton Security (Disabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\4 Elements) (Version: 1.0.0.0 - eGames)
64 Bit HP CIO Components Installer (HKLM\...\{68451E5C-0A9C-4D5C-8D06-6E296242E908}) (Version: 3.2.1 - Hewlett-Packard) Hidden
7 Wonders (HKLM-x32\...\7 Wonders) (Version: 1.1.0.0 - MumboJumbo)
7 Wonders II (HKLM-x32\...\7 Wonders II) (Version: 1.1.0.0 - MumboJumbo)
7 Wonders Treasures of Seven (HKLM-x32\...\7 Wonders Treasures of Seven) (Version: 1.1.0.0 - MumboJumbo)
Acrobat.com (HKLM-x32\...\{6421F085-1FAA-DE13-D02A-CFB412C522A4}) (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
Amazonia FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116955637}) (Version:  - Oberon Media)
Angry Birds (HKLM-x32\...\{8156D076-6317-44AF-AB53-37C2E529D510}) (Version: 3.3.3 - Rovio Entertainment Ltd.)
Atlantis 3D Screensaver 1.0 (HKLM-x32\...\Atlantis 3D Screensaver_is1) (Version:  - )
Bejeweled 2 Deluxe 1.1 (HKLM-x32\...\Bejeweled 2 Deluxe 1.1) (Version: 1.1 - PopCap Games)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.0.8 - )
Big Money Deluxe 1.3 (HKLM-x32\...\Big Money Deluxe 1.3) (Version:  - )
Bubble Shooter Deluxe (HKLM-x32\...\BSDELUXE_is1) (Version:  - )
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Build-a-lot (HKLM-x32\...\Build-a-lot) (Version: 1.1.0.0 - MumboJumbo)
Chuzzle Deluxe 1.01 (HKLM-x32\...\Chuzzle Deluxe 1.01) (Version: 1.01 - PopCap Games)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Copy (HKLM-x32\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Crystal Reports for .NET Framework 2.0 (x86) (HKLM-x32\...\{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}) (Version: 10.2.0 - Business Objects)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
DebtFree™ for Windows® (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\c7bf31027eda1c16) (Version: 6.0.0.0 - DebtFree™ for Windows®)
Destination Component (HKLM-x32\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DJ_AIO_05_F4400_Software_Min (HKLM-x32\...\{d281ba0e-1617-4a62-bb37-b73671035e36}) (Version: 120.0.235.000 - Hewlett-Packard) Hidden
Drop! (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Drop!) (Version: 1.0.0.1 - eGames)
F4400 (HKLM-x32\...\{0409c45d-df44-4b98-93b0-572697aa054a}) (Version: 120.0.235.000 - Hewlett-Packard) Hidden
Farm Vet (HKLM-x32\...\Farm Vet) (Version:  - )
Farmscapes (HKLM-x32\...\Farmscapes) (Version:  - )
FastAgain PC Booster (HKLM-x32\...\FastAgain PC Booster_is1) (Version: 1.0 - Activeris) <==== ATTENTION
Fitbit Connect (HKLM-x32\...\{E0BB814A-ADB0-4015-9E17-CF0F45EEAF37}) (Version: 2.0.1.6802 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{F648FD09-7CEA-4257-BC68-A8389189FD51}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Hide and Secret (HKLM-x32\...\Hide and Secret) (Version:  - )
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.1000.1002 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 (HKLM\...\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}) (Version: 12.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.2719 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2809 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{784BEA84-FA66-4B19-BB80-7B545F248AC6}) (Version: 1.2.2854.2975 - Hewlett-Packard)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 2.0.64.3 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}) (Version: 120.0.150.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6EED4269-588D-45b8-A80C-26A9CA62EE4E}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iWin Games (HKLM-x32\...\iWinArcade) (Version: 2.92 - )
Jewel Quest (remove only) (HKLM-x32\...\Jewel Quest) (Version:  - )
Jewel Quest 2 (remove only) (HKLM-x32\...\Jewel Quest 2) (Version:  - )
Jewel Quest Solitaire (remove only) (HKLM-x32\...\Jewel Quest Solitaire) (Version:  - )
Jewel Quest Solitaire II (remove only) (HKLM-x32\...\Jewel Quest Solitaire II) (Version:  - )
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Legends of Deceit (HKLM-x32\...\{D501C2FC-65B2-4660-B996-BF020A118D60}) (Version: 1.0.0 - On Hand Software)
Legends of Silence (HKLM-x32\...\{2D6F5E76-2F9E-4F31-955D-B3EE085570BA}) (Version: 1.0.0 - On Hand Software)
Life Quest (HKLM-x32\...\BFG-Life Quest) (Version:  - )
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
Mah Jong Quest III (remove only) (HKLM-x32\...\Mah Jong Quest III) (Version:  - )
MarketResearch (HKLM-x32\...\{2A329FB6-389D-4396-A974-29656D6864AE}) (Version: 120.0.226.000 - Hewlett-Packard) Hidden
Masque IGT Slots Wolf Run (HKLM-x32\...\{7C0BF6E9-7021-46E4-87B3-4C4587256A22}) (Version: 1.0.1 - Masque Publishing)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Monkey Money 2 (tb) (remove only) (HKLM-x32\...\Monkey Money 2 (tb)) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Tribe (HKLM-x32\...\BFG-My Tribe) (Version:  - )
Mystery P.I. - The Vegas Heist 1.0.0.3 (HKLM-x32\...\Mystery P.I. - The Vegas Heist 1.0.0.3) (Version:  - )
Mysteryville 2 (remove only) (HKLM-x32\...\Mysteryville 2) (Version:  - )
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
Noah's Ark Deluxe 1.1 (HKLM-x32\...\Noah's Ark Deluxe 1.1) (Version:  - )
Norton Security (HKLM-x32\...\NGC) (Version: 22.15.2.22 - Symantec Corporation)
ParetoLogic FileCure (HKLM-x32\...\{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}) (Version: 1.0.0.0 - ParetoLogic, Inc.)
Peggle Deluxe 1.0 (HKLM-x32\...\Peggle Deluxe 1.0) (Version: 1.0 - PopCap Games)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
Pipe Mania (HKLM-x32\...\{FBD00247-B21F-4068-A409-3B990005317E}) (Version: 1.00.0000 - Empire Interactive)
Pirateville (remove only) (HKLM-x32\...\Pirateville) (Version:  - )
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
Premium Technical Support (HKLM-x32\...\{75B23FA8-FEA5-47E4-9326-9B4FA9A9ACEE}) (Version: 7.7.581 - LogMeIn, Inc.)
Puzzle Odyssey (HKLM-x32\...\Puzzle Odyssey_is1) (Version:  - Games Of The Month)
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuantZ (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117459997}) (Version:  - Oberon Media)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
SmartWebPrinting (HKLM-x32\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{9603DE6D-4567-4b78-B941-849322373DE2}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
The Lost Inca Prophecy (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\The Lost Inca Prophecy) (Version: 1.0.0.0 - eGames)
The Poppit! Show (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111715607}) (Version:  - Oberon Media)
The Poppit! Show (HKLM-x32\...\The Poppit! Show) (Version: 0.1 - Electronic Arts)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Toolbox (HKLM-x32\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Twistingo (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Twistingo) (Version: 1.0.0.0 - eGames)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (HKLM-x32\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Youda Farmer 3 (HKLM-x32\...\Youda Farmer 3) (Version:  - )
Zuma Deluxe (HKLM-x32\...\Zuma Deluxe) (Version:  - PopCap Games)
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version:  - PopCap Games)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\NavShExt.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\NavShExt.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\NavShExt.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
==================== Loaded Modules (Whitelisted) =============
 
2016-11-17 12:50 - 2016-11-17 12:50 - 040622592 ____R () [File not signed] C:\Program Files (x86)\Fitbit Connect\libcef.dll
2009-02-06 12:11 - 2009-02-06 12:11 - 000385024 _____ () [File not signed] C:\Program Files\Hewlett-Packard\HP Remote\Common.dll
2009-02-06 12:11 - 2009-02-06 12:11 - 000151552 _____ () [File not signed] C:\Program Files\Hewlett-Packard\HP Remote\MCStateSink.dll
2016-09-06 17:07 - 2016-09-06 11:00 - 000147456 _____ () [File not signed] C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2016-09-06 17:07 - 2016-09-06 11:00 - 005197312 _____ () [File not signed] C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2008-10-16 18:23 - 2008-10-16 18:23 - 000217088 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
2008-10-16 18:24 - 2008-10-16 18:24 - 000192512 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
2008-10-16 18:24 - 2008-10-16 18:24 - 000135168 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
2009-03-17 12:25 - 2009-03-17 12:25 - 000033792 _____ (Hewlett-Packard Company) [File not signed] c:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2009-03-17 12:25 - 2009-03-17 12:25 - 000110592 _____ (Hewlett-Packard Company) [File not signed] c:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2009-07-09 19:43 - 2008-10-06 14:39 - 000134144 _____ (Hewlett-Packard Company) [File not signed] C:\Windows\System32\hpf3l083.dll
2009-07-09 19:45 - 2008-10-06 14:39 - 000254464 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpfpp083.dll
2009-04-30 21:51 - 2009-04-30 21:51 - 000098304 _____ (Hewlett-Packard) [File not signed] C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
2009-07-02 17:06 - 2008-12-04 11:56 - 000118784 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll
2009-07-02 17:06 - 2008-12-04 11:49 - 000208896 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ISDI.dll
2016-11-17 12:50 - 2016-11-17 12:50 - 009994752 ____R (The ICU Project) [File not signed] C:\Program Files (x86)\Fitbit Connect\icudt.dll
2016-08-12 18:36 - 2016-08-12 18:36 - 001310208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fitbit Connect\LIBEAY32.dll
2016-11-17 15:22 - 2016-11-17 15:22 - 001500672 ____R (winsparkle.org) [File not signed] C:\Program Files (x86)\Fitbit Connect\WinSparkle.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\hp%20games -> hp%20games
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 04:34 - 2006-09-18 13:37 - 000000761 ____N C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk => C:\Windows\pss\iWin Desktop Alerts.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DVDAgent => "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Remote Software => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
MSCONFIG\startupreg: HPADVISOR => c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: IAAnotif => "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: Microsoft Default Manager => "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: OCA_MRK => c:\hp\bin\OCA\hputilck64.exe c:\windows\system32\cmd.exe /c c:\hp\bin\OCA\install.cmd CRP
MSCONFIG\startupreg: PCDrProfiler => "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r
MSCONFIG\startupreg: PDFServerEngine => "C:\Program Files (x86)\PDF Suite\PDFServerEngine.exe" /autorun
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartMenu => %ProgramFiles(x86)%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TSMAgent => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: UfSeAgnt.exe => "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe No File
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe No File
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe No File
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe No File
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe No File
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe No File
FirewallRules: [{46D1E544-8AE1-4292-A9CB-5CBA6028FAD4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{FBCA2885-A95F-4F59-8A35-0B61D107471D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{9A26FEF1-B4F1-4BFC-8537-49786D1AD52A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{8BD3E2F4-5897-4F2A-BB58-3EDD774AAE68}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{3451B6D4-7201-4467-AEFC-9982DEA148F4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{6AFB3D12-AA19-4A32-87F8-3A1C016E712B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink -> CyberLink)
FirewallRules: [{98B4BB1D-FA45-4957-BCAB-3B11F0674DE8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{31420664-00DB-4D30-91EB-D336D6094C66}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{BF9E5C45-D04D-4DB3-88FA-A86C94A1670D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{67AC4346-AC38-47EA-86CB-A5CC9FCD50DE}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{FC260778-A295-4D80-9C01-35221E3F0679}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{5FE71C5B-8F98-4F53-9888-531CFC2699C5}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{3104A41C-D0FE-402F-A1FF-0D50615482DF}] => (Allow) C:\Program Files (x86)\BitTorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{3105F5DA-66C0-4AFD-A4D9-36EB63264373}] => (Allow) C:\Program Files (x86)\BitTorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{43E1DA0E-27B9-4B18-BC8B-6059AA3AB663}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{32BC23EF-8819-492C-ADB8-6C3B2F4BC6B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{4EA441DD-B422-4F97-87D6-F58F7716ECA8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{3218F1F1-3A6B-4BAC-B9E1-FB644C6F068B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{A21FEDB1-1FF7-4349-AE89-D8C9FEEF9D9C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{062E81A4-BAE8-4068-B221-4CA3A1E77B4C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F710715B-1385-4FA1-845C-69FAA8E5B96C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{CE4356ED-7C46-48BF-AC8F-55F7173A7919}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{1EEF65A3-6F01-4A2D-8676-F7C098C2608B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{465A9EBE-5587-4B4F-AD7F-CE32AB499F39}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{88ABA7A1-3A2F-4CFD-ACE3-E22A3D9DB1E5}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe No File
FirewallRules: [{899AA496-464C-463D-A0A2-A38F9DB7BB2B}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe No File
FirewallRules: [{272BA3A4-E71D-4C94-9E55-F2EB19036CAB}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe No File
FirewallRules: [{208CF2E6-E114-4975-9736-88221A268F80}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe No File
FirewallRules: [{EBB4B12E-E6F4-49B4-A39F-D57C7F9D728A}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS35CF.tmp\SymNRT.exe No File
FirewallRules: [{130FA13B-3B20-4AFF-9D87-805E755E1C65}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS35CF.tmp\SymNRT.exe No File
FirewallRules: [TCP Query User{05E16A9A-327D-4E1D-993A-88E2543F26FA}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{3574B4D5-06BA-4C04-8901-65DA8968272A}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{AFC86ACC-9300-4BAA-914D-C08A0AFDF290}] => (Allow) LPort=80
FirewallRules: [{225E6665-FED4-48A8-8015-673D498EB02C}] => (Allow) LPort=80
FirewallRules: [{6C43E839-00DC-4492-A469-811D57CBE1C7}] => (Allow) LPort=80
FirewallRules: [{AB6C3FE6-1667-4103-838F-7CF951A93357}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe No File
FirewallRules: [{13503F9F-9BAF-4DDF-8A67-62AD9B70D38A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe No File
FirewallRules: [{1E33AA54-2E13-4E54-954D-5E730756CB40}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe No File
FirewallRules: [{CF267219-094C-45ED-BE0D-8F6092B01075}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe No File
FirewallRules: [{AF7760C0-F26B-4901-BD0A-E4FE10BE9A87}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe No File
FirewallRules: [{A139594D-638D-4603-899F-103412F0A3E4}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe No File
FirewallRules: [{F3B64111-3C71-4A60-8735-8FB3E5711A2C}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe No File
FirewallRules: [{DCB13D02-6FBF-4702-B47E-657ABC207B5A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe No File
FirewallRules: [{8DEAD621-C6C2-4D51-A759-24F8B2129D0D}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zSFD61.tmp\SymNRT.exe No File
FirewallRules: [{33A52569-2B86-44D0-9E4C-F1F22939354D}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zSFD61.tmp\SymNRT.exe No File
FirewallRules: [{12B75F63-1A72-4991-98FC-2ADB4494AD4F}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe No File
FirewallRules: [{3075DEC8-83E4-462E-93BF-4FE186E533F8}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe No File
FirewallRules: [{3AD4897F-BC62-4FB3-8F7D-4F9C2F6EBFD6}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe No File
FirewallRules: [{B7DF3A54-5279-4F6C-902E-33DF87F1F9E4}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe No File
FirewallRules: [TCP Query User{C4130B4E-DC87-43E6-BD56-586A1EEED8F4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe No File
FirewallRules: [UDP Query User{8FF822E4-BC21-4A43-8EA8-0D17AFB2EBDD}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe No File
FirewallRules: [TCP Query User{BB45CB0A-C3F6-4412-9B0C-7AE434E9EC86}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe No File
FirewallRules: [UDP Query User{013F92D6-966E-4909-B6F1-7E34A37E5F63}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe No File
FirewallRules: [{02E28043-6B71-4926-90DE-EF63312989EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\BitTorrent\bittorrent.exe] => Enabled:BitTorrent
 
==================== Restore Points =========================
 
22-07-2019 14:55:13 Scheduled Checkpoint
26-07-2019 19:29:36 Scheduled Checkpoint
02-08-2019 16:18:31 Scheduled Checkpoint
05-08-2019 16:26:54 Scheduled Checkpoint
23-08-2019 05:31:10 Scheduled Checkpoint
24-08-2019 12:25:27 Scheduled Checkpoint
25-08-2019 13:38:11 Scheduled Checkpoint
27-08-2019 17:20:17 Scheduled Checkpoint
30-08-2019 17:42:56 Scheduled Checkpoint
05-09-2019 12:28:54 Scheduled Checkpoint
13-09-2019 11:08:00 Scheduled Checkpoint
17-09-2019 14:29:18 Scheduled Checkpoint
20-09-2019 20:06:06 Scheduled Checkpoint
26-09-2019 15:28:50 Scheduled Checkpoint
06-10-2019 18:37:52 Scheduled Checkpoint
12-10-2019 13:04:53 Scheduled Checkpoint
18-10-2019 11:38:31 Scheduled Checkpoint
19-10-2019 17:14:35 Scheduled Checkpoint
01-11-2019 07:50:50 Scheduled Checkpoint
03-11-2019 03:10:12 Scheduled Checkpoint
05-11-2019 18:41:50 Scheduled Checkpoint
08-11-2019 05:49:16 Scheduled Checkpoint
10-11-2019 17:32:00 Scheduled Checkpoint
13-11-2019 15:09:43 Scheduled Checkpoint
14-11-2019 12:02:10 Scheduled Checkpoint
18-11-2019 15:00:19 Scheduled Checkpoint
19-11-2019 22:17:31 Scheduled Checkpoint
22-11-2019 07:26:37 Scheduled Checkpoint
23-11-2019 13:16:20 Scheduled Checkpoint
25-11-2019 16:53:39 Scheduled Checkpoint
27-11-2019 17:54:12 Scheduled Checkpoint
29-11-2019 15:15:01 Scheduled Checkpoint
03-12-2019 01:23:21 Scheduled Checkpoint
06-12-2019 07:56:48 First Restore Point
07-12-2019 11:11:24 First Restore Point
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/28/2019 03:22:06 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).
 
Error: (11/28/2019 03:22:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).
 
Error: (11/09/2019 08:11:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/09/2019 08:06:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/09/2019 08:03:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/09/2019 07:59:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/05/2019 05:09:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/05/2019 05:04:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (11/09/2019 08:11:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/09/2019 08:10:00 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (11/09/2019 08:09:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:08:13 AM on 11/9/2019 was unexpected.
 
Error: (11/09/2019 08:07:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/09/2019 08:05:51 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (11/09/2019 08:05:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:04:04 AM on 11/9/2019 was unexpected.
 
Error: (11/09/2019 08:03:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/09/2019 08:02:36 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
 
CodeIntegrity:
===================================
 
Date: 2019-12-07 11:18:49.231
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-07 11:18:47.705
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-07 11:18:45.877
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-07 11:18:44.234
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-07 11:18:42.783
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-07 11:18:41.430
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-07 11:18:39.790
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-07 11:18:38.129
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 5.39 05/06/2009
Motherboard: PEGATRON CORPORATION Benicia
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 90%
Total physical RAM: 6133.33 MB
Available physical RAM: 581.03 MB
Total Virtual: 12459.68 MB
Available Virtual: 5903.43 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:582.5 GB) (Free:415.3 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.67 GB) (Free:1.92 GB) NTFS ==>[system with boot components (obtained from drive)]
 
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

  • 0

#4
RKinner

Looks like you uninstalled Kaspersky instead of Norton but just as long as you only have one. Norton says it's Disabled. Has its subscription run out or does it not work with Vista anymore? I see support for Vista by Norton stopped back in 2017 so it's time to uninstall it and get one that still works. Hopefully they haven't been charging you for it since 2017. The free Avast still works with Vista.

https://www.avast.co...vista-antivirus

If you right click on its icon in the systray and select Silent Mode it won't bug you with ads to upgrade.

Uninstall:

FastAgain PC Booster

ParetoLogic FileCure

Don't know why you have:

Premium Technical Support from Logmein when you don't have Logmein installed so you can probably uninstall it.

Do a new FRST scan after uninstalling (and updating to Avast) and post both logs.


  • 0

#5
Amanda Martin

My mom said she just renewed her Norton subscription so she was just going to wait that out and switch to Kaspersky instead of renewing Norton next time. Are you saying she should absolutely get rid of it now?
  • 0

#6
RKinner

Apparently Norton should still work:

https://support.nort...ions/v121103027

but FRST says it's disabled:

AV: Norton Security (Disabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}

...

AS: Norton Security (Disabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}

FW: Norton Security (Disabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

If you can get it enabled then keep it but if it's not enabled it's not much use. Perhaps since the subscription is current you can repair Norton:

https://support.nort...tions/v15756942


  • 0
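The Security Center lines quoted in the post above can be checked mechanically. The following Python is an added example, not part of the thread and not FRST's own code: it parses the `AV:`/`AS:`/`FW:` line format shown there and, going one step beyond the post, also flags leftover `FirewallRules:` allow entries of the kind visible in the Addition.txt log earlier in the thread. The function names and the "Example AV" line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the Addition.txt line format. The Norton lines are the
# ones quoted in the post above, the FirewallRules lines come from the log
# earlier in this thread, and the "Example AV" line is made up for the demo.
SAMPLE = r"""
AV: Norton Security (Disabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Example AV (Enabled - Up to date) {00000000-0000-0000-0000-000000000000}
AS: Norton Security (Disabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}
FW: Norton Security (Disabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FirewallRules: [{AB6C3FE6-1667-4103-838F-7CF951A93357}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe No File
FirewallRules: [{EBB4B12E-E6F4-49B4-A39F-D57C7F9D728A}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS35CF.tmp\SymNRT.exe No File
FirewallRules: [{02E28043-6B71-4926-90DE-EF63312989EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{AFC86ACC-9300-4BAA-914D-C08A0AFDF290}] => (Allow) LPort=80
"""

# "<kind>: <product> (<state>[ - <definitions state>]) {<GUID>}"
SEC_RE = re.compile(
    r"^(AV|AS|FW): (.+?) \((Enabled|Disabled)(?: - ([^)]+))?\) "
    r"\{([0-9A-Fa-f-]{36})\}$"
)
# "FirewallRules: [<rule id>] => (<action>) <program path or port> [No File]"
FW_RE = re.compile(r"^FirewallRules: \[(.*?)\] => \((Allow|Block)\) (.+)$")


def parse_security_center(text):
    """Return one dict per AV/AS/FW registration line found in the log text."""
    products = []
    for line in text.splitlines():
        m = SEC_RE.match(line.strip())
        if m:
            kind, name, state, detail, guid = m.groups()
            products.append({"kind": kind, "name": name,
                             "enabled": state == "Enabled",
                             "detail": detail, "guid": guid})
    return products


def security_findings(products):
    """Summarise disabled, stale-definition, missing and overlapping products."""
    findings = []
    names = defaultdict(set)
    enabled = defaultdict(int)
    for p in products:
        names[p["kind"]].add(p["name"])
        if not p["enabled"]:
            findings.append(f"{p['kind']} disabled: {p['name']}")
            continue
        enabled[p["kind"]] += 1
        if p["detail"] and p["detail"].lower() != "up to date":
            findings.append(f"{p['kind']} {p['detail'].lower()}: {p['name']}")
    for kind in sorted(names):
        if enabled[kind] == 0:
            findings.append(f"no enabled {kind} product")
        if len(names[kind]) > 1:
            # Two real-time products of the same kind tend to conflict.
            findings.append(f"multiple {kind} products registered: "
                            + ", ".join(sorted(names[kind])))
    return findings


def stale_firewall_rules(text):
    """Flag Allow rules that no longer map to an installed program."""
    flagged = []
    for line in text.splitlines():
        m = FW_RE.match(line.strip())
        if not m:
            continue
        rule_id, action, target = m.groups()
        reasons = []
        if target.endswith(" No File"):
            # The rule outlived the program it was created for.
            target = target[: -len(" No File")]
            reasons.append("program missing")
        if "\\appdata\\local\\temp\\" in target.lower():
            # A user-writable location is a poor place for a standing exception.
            reasons.append("program in Temp directory")
        if target.startswith("LPort="):
            reasons.append("port rule with no program")
        # Block rules for missing programs are only clutter, so report Allow only.
        if reasons and action == "Allow":
            flagged.append({"id": rule_id, "target": target, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for finding in security_findings(parse_security_center(SAMPLE)):
        print(finding)
    for rule in stale_firewall_rules(SAMPLE):
        print(rule["id"], rule["target"], "; ".join(rule["reasons"]))
```
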

#7
Amanda Martin

Thanks for your help so far. Waiting on her to cancel Norton. Avast already installed. Can't find those files you mentioned above to remove: FastAgain PC Booster, ParetoLogic FileCure, Premium Technical Support from Logmein.


  • 0

#8
RKinner

FastAgain PC Booster, ParetoLogic FileCure, Premium Technical Support from Logmein. 

Should be listed under Control panel, (View as: Large Icons), Programs and Features.  FRST says they are not hidden so you should be able to select each and Uninstall. If you can't find them we can try to remove them in other ways.


  • 0

#9
Amanda Martin

Programs (including Norton) removed

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2019
Ran by Owner (administrator) on OWNER-PC (HP-Pavilion NY429AA-ABA p6110y) (09-12-2019 18:38:37)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Agere Systems) C:\Program Files\LSI SoftModem\agr64svc.exe
(The Weather Channel) [File not signed] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4700840 2016-11-17] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKLM-x32\...\RunOnce: [SymInstallStub] => C:\ProgramData\NortonInstaller\NSSInstallStub.exe [1843440 2019-03-27] (Symantec Corporation -> Symantec Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-10] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-10] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4700840 2016-11-17] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [DW7] => C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2014-01-11] (The Weather Channel) [File not signed]
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc -> Google Inc.)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe [468408 2009-06-05] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ATLANT~1.SCR
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe [2016-04-11] (Google Inc -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {26D0B43C-0ED6-4D4A-BA9A-0205B4C0D6A8} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard -> Hewlett-Packard)
Task: {4D1FF339-3AA3-4DCB-866D-85720620012A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2762968 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {64125247-62B7-46F5-A6C6-8E9F061F5F4B} - System32\Tasks\Norton Product Installer => C:\ProgramData\NortonInstaller\NSSInstallStub.exe [1843440 2019-03-27] (Symantec Corporation -> Symantec Corporation)
Task: {76B90AEF-D6E5-435D-B862-0462A1477038} - System32\Tasks\Norton Product InstallerIdle => C:\ProgramData\NortonInstaller\NSSInstallStub.exe [1843440 2019-03-27] (Symantec Corporation -> Symantec Corporation)
Task: {7B770F17-E8B3-41A5-A6EF-FB4F88C6468E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-10] (Google Inc -> Google Inc.)
Task: {A7AAAA45-C0C0-4C37-B6DA-62B898F0C0CE} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [86016 2009-02-24] (Hewlett-Packard) [File not signed]
Task: {CBB362F4-3CDA-437E-92CC-9400EA8E18D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-10] (Google Inc -> Google Inc.)
Task: {DEAF06FD-A328-47E4-8E23-C76E40269E0E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2371784 2019-12-09] (AVAST Software s.r.o. -> AVAST Software) [File not signed]
Task: {E65B1AF6-7BDC-4BC4-B956-9F8F9669C352} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-752817650-2183412088-3519692294-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F3B02793-570F-457D-BC4C-60AAADB3C505} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-752817650-2183412088-3519692294-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Norton Product Installer.job => C:\ProgramData\NortonInstaller\NSSInstallStub.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\ProgramData\NortonInstaller\NSSInstallStub.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26
Tcpip\..\Interfaces\{004DD533-337D-4FA5-A83E-81CD6DCB1AB4}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{BB87927F-FECB-4A54-94DD-CE5FDDDD1D49}: [DhcpNameServer] 192.168.0.1 205.171.3.26
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com?prt=ns&chn=1000880&geo=us&ver=22.9.1.12&locale=en_us&guid=99bdb360-45bd-11de-bea5-00248c7dd45b&doi=2016-03-14&o=APN11915
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=US&ver=22.15.2.22&locale=en_US&guid=99bdb360-45bd-11de-bea5-00248c7dd45b&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> {E4AC6792-B4AA-4C34-9858-E84C94B89383} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2013-10-08] (Eyeo GmbH -> Adblock Plus) [File not signed]
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc -> Google Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2013-10-08] (Eyeo GmbH -> Adblock Plus) [File not signed]
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-07-09] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media ) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.aol.com/"
CHR NewTab: Default ->  Active:"chrome-extension://eikgefpofckhgbnhklemehpincmanagp/newtab/quicktab.html", Not-active:"chrome-extension://afjkfckcefjophkghnnoiejdggocollc/product.html", Not-active:"chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Notifications: Default -> hxxp://www.aol.com; hxxps://mail.google.com; hxxps://www.aol.com; hxxps://www.aol.com; hxxps://www.truthfinder.com
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2019-12-09]
CHR Extension: (QuickWeatherTracker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjkfckcefjophkghnnoiejdggocollc [2019-12-09]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-03]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-03]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-09-02]
CHR Extension: (My Package Homepage) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eikgefpofckhgbnhklemehpincmanagp [2018-07-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2018-10-06]
CHR Extension: (Norton Safe Web) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-08]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-12-09]
CHR Extension: (Pinterest Save Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-12-09]
CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2017-11-26]
CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-12]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2008-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Agere Systems)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5911720 2016-11-17] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Windows -> Microsoft Corporation)
S3 msiserver; %systemroot%\system32\msiexec /V [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1254400 2009-01-20] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163416 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr.sys [79632 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028672 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R3 aswStmXP; C:\Windows\System32\drivers\aswStmXP.sys [188144 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
S3 BVRPMPR5; C:\Windows\SysWOW64\drivers\BVRPMPR5.SYS [44224 2006-10-05] (BVRP Software) [File not signed]
R3 rt61x64; C:\Windows\System32\DRIVERS\netr6164.sys [390144 2008-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Ralink Technology, Corp.)
R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [195584 2009-01-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Corporation )
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20170430.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20170430.001\NAVEX15.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-12-09 18:29 - 2019-12-09 18:35 - 000003148 _____ C:\Windows\system32\Tasks\Norton Product Installer
2019-12-09 18:29 - 2019-12-09 18:35 - 000003040 _____ C:\Windows\system32\Tasks\Norton Product InstallerIdle
2019-12-09 18:29 - 2019-12-09 18:35 - 000000484 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
2019-12-09 18:29 - 2019-12-09 18:35 - 000000476 _____ C:\Windows\Tasks\Norton Product Installer.job
2019-12-08 12:39 - 2019-12-08 12:39 - 000001787 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-12-08 12:39 - 2019-12-08 12:39 - 000001787 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2019-12-08 12:39 - 2019-12-08 12:39 - 000000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
2019-12-08 12:39 - 2019-12-08 12:39 - 000000000 ____D C:\Users\Owner\AppData\Local\AVAST Software
2019-12-08 12:39 - 2019-12-08 12:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-12-08 12:37 - 2019-12-08 12:37 - 001028672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-12-08 12:37 - 2019-12-08 12:37 - 000469272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-12-08 12:37 - 2019-12-08 12:37 - 000239840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-12-08 12:37 - 2019-12-08 12:37 - 000163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-12-08 12:37 - 2019-12-08 12:37 - 000003824 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-12-08 12:37 - 2019-12-08 12:37 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2019-12-08 12:37 - 2019-12-08 12:36 - 000380464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-12-08 12:37 - 2019-12-08 12:36 - 000346592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2019-12-08 12:37 - 2019-12-08 12:36 - 000230344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2019-12-08 12:37 - 2019-12-08 12:36 - 000201768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2019-12-08 12:37 - 2019-12-08 12:36 - 000201240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-12-08 12:37 - 2019-12-08 12:36 - 000188144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2019-12-08 12:37 - 2019-12-08 12:36 - 000087432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-12-08 12:37 - 2019-12-08 12:36 - 000079632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2019-12-08 12:37 - 2019-12-08 12:36 - 000059496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2019-12-08 12:37 - 2019-12-08 12:36 - 000046384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-12-08 12:37 - 2019-12-08 12:36 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-12-08 12:36 - 2019-12-08 12:36 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-12-08 12:36 - 2019-12-08 12:36 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-12-08 12:35 - 2019-12-08 12:35 - 000000000 ____D C:\Program Files\AVAST Software
2019-12-08 12:34 - 2019-12-08 13:42 - 000000000 ____D C:\ProgramData\AVAST Software
2019-12-08 12:33 - 2019-12-08 12:33 - 000230080 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2019-12-07 11:14 - 2019-12-07 11:14 - 002263552 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2019-12-07 11:14 - 2019-12-07 11:14 - 001991680 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-12-09 18:42 - 2016-07-23 16:43 - 000022718 _____ C:\Users\Owner\Downloads\FRST.txt
2019-12-09 18:39 - 2016-07-03 19:57 - 000000000 ____D C:\FRST
2019-12-09 18:34 - 2009-04-30 22:18 - 000000000 ____D C:\ProgramData\Norton
2019-12-09 18:34 - 2006-11-02 07:42 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-12-09 18:34 - 2006-11-02 07:22 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2019-12-09 18:34 - 2006-11-02 07:22 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2019-12-09 18:33 - 2006-11-02 07:42 - 000032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-12-09 18:29 - 2009-04-30 22:17 - 000000000 ____D C:\ProgramData\NortonInstaller
2019-12-07 11:25 - 2016-07-23 16:45 - 000048535 _____ C:\Users\Owner\Downloads\Addition.txt
2019-12-07 11:12 - 2016-07-06 16:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-11-15 18:15 - 2013-04-01 16:00 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-15 18:15 - 2013-04-01 16:00 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-15 18:15 - 2009-07-02 20:57 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-09 08:16 - 2006-11-02 05:33 - 000000000 ____D C:\Windows\inf
2019-11-09 08:16 - 2006-11-02 04:46 - 000759542 _____ C:\Windows\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories ========
 
2015-12-08 16:13 - 2015-12-08 16:13 - 004092246 _____ () C:\ProgramData\SMRResults501.dat
2013-10-19 02:00 - 2013-12-08 07:14 - 000000098 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2013-10-19 02:00 - 2013-12-08 07:14 - 000000006 _____ () C:\Users\Owner\AppData\Roaming\WBPU-TTL.DAT
2009-09-23 10:46 - 2018-10-31 17:19 - 000001410 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2009-07-02 17:25 - 2009-07-17 11:31 - 000000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2014-05-18 13:24 - 2014-05-18 13:25 - 000003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-31 19:08 - 2011-05-31 19:09 - 000362230 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI205B.txt
2011-10-31 07:06 - 2011-10-31 07:06 - 000359754 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI297B.txt
2011-06-04 19:14 - 2011-06-04 19:14 - 000361604 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI5CDE.txt
2009-09-17 18:11 - 2009-09-17 18:11 - 000415980 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI6B71.txt
2011-05-31 19:08 - 2011-05-31 19:09 - 000011174 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI205B.txt
2011-10-31 07:06 - 2011-10-31 07:06 - 000011142 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI297B.txt
2011-06-04 19:14 - 2011-06-04 19:14 - 000011206 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI5CDE.txt
2009-09-17 18:11 - 2009-09-17 18:11 - 000011382 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI6B71.txt
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-12-09 18:41
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2019
Ran by Owner (09-12-2019 18:43:43)
Running from C:\Users\Owner\Downloads
Windows Vista ™ Home Premium Service Pack 2 (X64) (2009-05-21 04:13:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-752817650-2183412088-3519692294-500 - Administrator - Disabled)
Guest (S-1-5-21-752817650-2183412088-3519692294-501 - Limited - Disabled)
Owner (S-1-5-21-752817650-2183412088-3519692294-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\4 Elements) (Version: 1.0.0.0 - eGames)
64 Bit HP CIO Components Installer (HKLM\...\{68451E5C-0A9C-4D5C-8D06-6E296242E908}) (Version: 3.2.1 - Hewlett-Packard) Hidden
7 Wonders (HKLM-x32\...\7 Wonders) (Version: 1.1.0.0 - MumboJumbo)
7 Wonders II (HKLM-x32\...\7 Wonders II) (Version: 1.1.0.0 - MumboJumbo)
7 Wonders Treasures of Seven (HKLM-x32\...\7 Wonders Treasures of Seven) (Version: 1.1.0.0 - MumboJumbo)
Acrobat.com (HKLM-x32\...\{6421F085-1FAA-DE13-D02A-CFB412C522A4}) (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
Amazonia FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116955637}) (Version:  - Oberon Media)
Angry Birds (HKLM-x32\...\{8156D076-6317-44AF-AB53-37C2E529D510}) (Version: 3.3.3 - Rovio Entertainment Ltd.)
Atlantis 3D Screensaver 1.0 (HKLM-x32\...\Atlantis 3D Screensaver_is1) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Bejeweled 2 Deluxe 1.1 (HKLM-x32\...\Bejeweled 2 Deluxe 1.1) (Version: 1.1 - PopCap Games)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.0.8 - )
Big Money Deluxe 1.3 (HKLM-x32\...\Big Money Deluxe 1.3) (Version:  - )
Bubble Shooter Deluxe (HKLM-x32\...\BSDELUXE_is1) (Version:  - )
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Build-a-lot (HKLM-x32\...\Build-a-lot) (Version: 1.1.0.0 - MumboJumbo)
Chuzzle Deluxe 1.01 (HKLM-x32\...\Chuzzle Deluxe 1.01) (Version: 1.01 - PopCap Games)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Copy (HKLM-x32\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Crystal Reports for .NET Framework 2.0 (x86) (HKLM-x32\...\{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}) (Version: 10.2.0 - Business Objects)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
DebtFree™ for Windows® (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\c7bf31027eda1c16) (Version: 6.0.0.0 - DebtFree™ for Windows®)
Destination Component (HKLM-x32\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DJ_AIO_05_F4400_Software_Min (HKLM-x32\...\{d281ba0e-1617-4a62-bb37-b73671035e36}) (Version: 120.0.235.000 - Hewlett-Packard) Hidden
Drop! (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Drop!) (Version: 1.0.0.1 - eGames)
F4400 (HKLM-x32\...\{0409c45d-df44-4b98-93b0-572697aa054a}) (Version: 120.0.235.000 - Hewlett-Packard) Hidden
Farm Vet (HKLM-x32\...\Farm Vet) (Version:  - )
Farmscapes (HKLM-x32\...\Farmscapes) (Version:  - )
Fitbit Connect (HKLM-x32\...\{E0BB814A-ADB0-4015-9E17-CF0F45EEAF37}) (Version: 2.0.1.6802 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{F648FD09-7CEA-4257-BC68-A8389189FD51}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Hide and Secret (HKLM-x32\...\Hide and Secret) (Version:  - )
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.1000.1002 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 (HKLM\...\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}) (Version: 12.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.2719 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2809 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{784BEA84-FA66-4B19-BB80-7B545F248AC6}) (Version: 1.2.2854.2975 - Hewlett-Packard)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 2.0.64.3 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}) (Version: 120.0.150.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6EED4269-588D-45b8-A80C-26A9CA62EE4E}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iWin Games (HKLM-x32\...\iWinArcade) (Version: 2.92 - )
Jewel Quest (remove only) (HKLM-x32\...\Jewel Quest) (Version:  - )
Jewel Quest 2 (remove only) (HKLM-x32\...\Jewel Quest 2) (Version:  - )
Jewel Quest Solitaire (remove only) (HKLM-x32\...\Jewel Quest Solitaire) (Version:  - )
Jewel Quest Solitaire II (remove only) (HKLM-x32\...\Jewel Quest Solitaire II) (Version:  - )
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Legends of Deceit (HKLM-x32\...\{D501C2FC-65B2-4660-B996-BF020A118D60}) (Version: 1.0.0 - On Hand Software)
Legends of Silence (HKLM-x32\...\{2D6F5E76-2F9E-4F31-955D-B3EE085570BA}) (Version: 1.0.0 - On Hand Software)
Life Quest (HKLM-x32\...\BFG-Life Quest) (Version:  - )
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
Mah Jong Quest III (remove only) (HKLM-x32\...\Mah Jong Quest III) (Version:  - )
MarketResearch (HKLM-x32\...\{2A329FB6-389D-4396-A974-29656D6864AE}) (Version: 120.0.226.000 - Hewlett-Packard) Hidden
Masque IGT Slots Wolf Run (HKLM-x32\...\{7C0BF6E9-7021-46E4-87B3-4C4587256A22}) (Version: 1.0.1 - Masque Publishing)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Monkey Money 2 (tb) (remove only) (HKLM-x32\...\Monkey Money 2 (tb)) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Tribe (HKLM-x32\...\BFG-My Tribe) (Version:  - )
Mystery P.I. - The Vegas Heist 1.0.0.3 (HKLM-x32\...\Mystery P.I. - The Vegas Heist 1.0.0.3) (Version:  - )
Mysteryville 2 (remove only) (HKLM-x32\...\Mysteryville 2) (Version:  - )
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
Noah's Ark Deluxe 1.1 (HKLM-x32\...\Noah's Ark Deluxe 1.1) (Version:  - )
Peggle Deluxe 1.0 (HKLM-x32\...\Peggle Deluxe 1.0) (Version: 1.0 - PopCap Games)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
Pipe Mania (HKLM-x32\...\{FBD00247-B21F-4068-A409-3B990005317E}) (Version: 1.00.0000 - Empire Interactive)
Pirateville (remove only) (HKLM-x32\...\Pirateville) (Version:  - )
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
Puzzle Odyssey (HKLM-x32\...\Puzzle Odyssey_is1) (Version:  - Games Of The Month)
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuantZ (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117459997}) (Version:  - Oberon Media)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
SmartWebPrinting (HKLM-x32\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{9603DE6D-4567-4b78-B941-849322373DE2}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
The Lost Inca Prophecy (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\The Lost Inca Prophecy) (Version: 1.0.0.0 - eGames)
The Poppit! Show (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111715607}) (Version:  - Oberon Media)
The Poppit! Show (HKLM-x32\...\The Poppit! Show) (Version: 0.1 - Electronic Arts)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Toolbox (HKLM-x32\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Twistingo (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Twistingo) (Version: 1.0.0.0 - eGames)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (HKLM-x32\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Youda Farmer 3 (HKLM-x32\...\Youda Farmer 3) (Version:  - )
Zuma Deluxe (HKLM-x32\...\Zuma Deluxe) (Version:  - PopCap Games)
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version:  - PopCap Games)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2019-12-08] (AVAST Software s.r.o. -> AVAST Software)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
==================== Loaded Modules (Whitelisted) =============
 
2016-11-17 12:50 - 2016-11-17 12:50 - 040622592 ____R () [File not signed] C:\Program Files (x86)\Fitbit Connect\libcef.dll
2019-12-08 12:39 - 2019-12-08 12:39 - 048936448 _____ () [File not signed] C:\Program Files\AVAST Software\Avast\libcef.dll
2009-02-06 12:11 - 2009-02-06 12:11 - 000385024 _____ () [File not signed] C:\Program Files\Hewlett-Packard\HP Remote\Common.dll
2009-02-06 12:11 - 2009-02-06 12:11 - 000151552 _____ () [File not signed] C:\Program Files\Hewlett-Packard\HP Remote\MCStateSink.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 006957896 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\algo.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 000342536 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\arPot.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 000261944 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\aswAR.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 000388464 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\aswArray.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 000539848 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\aswCleanerDLL.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 000511944 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\aswCmnBS.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 000436440 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\aswCmnIS.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 000160176 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\aswCmnOS.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 001622360 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\aswEngin.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 000617296 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\aswFiDb.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 000485000 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\aswRawFs.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 000423600 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\aswRep.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 002061376 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\swhealthex2.dll
2019-12-09 11:49 - 2019-12-09 11:49 - 000065144 _____ (AVAST Software s.r.o. -> AVAST Software) [File not signed] C:\Program Files\AVAST Software\Avast\defs\19120900\uiExt.dll
2019-12-08 12:36 - 2019-12-08 12:36 - 002387776 _____ (AVAST Software s.r.o. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\Avast\libcrypto-1_1.dll
2019-12-08 12:36 - 2019-12-08 12:36 - 000512832 _____ (AVAST Software s.r.o. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\Avast\libssl-1_1.dll
2019-12-08 12:36 - 2019-12-08 12:36 - 003422016 _____ (AVAST Software s.r.o. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\Avast\x64\libcrypto-1_1-x64.dll
2008-10-16 18:23 - 2008-10-16 18:23 - 000217088 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
2008-10-16 18:24 - 2008-10-16 18:24 - 000192512 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
2008-10-16 18:24 - 2008-10-16 18:24 - 000135168 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
2009-03-17 12:25 - 2009-03-17 12:25 - 000033792 _____ (Hewlett-Packard Company) [File not signed] c:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2009-03-17 12:25 - 2009-03-17 12:25 - 000110592 _____ (Hewlett-Packard Company) [File not signed] c:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2009-07-09 19:43 - 2008-10-06 14:39 - 000134144 _____ (Hewlett-Packard Company) [File not signed] C:\Windows\System32\hpf3l083.dll
2009-07-09 19:45 - 2008-10-06 14:39 - 000254464 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpfpp083.dll
2009-04-30 21:51 - 2009-04-30 21:51 - 000098304 _____ (Hewlett-Packard) [File not signed] C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
2008-07-18 12:15 - 2008-07-18 12:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2008-07-18 12:15 - 2008-07-18 12:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2009-07-02 17:06 - 2008-12-04 11:56 - 000118784 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll
2009-07-02 17:06 - 2008-12-04 11:49 - 000208896 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ISDI.dll
2016-11-17 12:50 - 2016-11-17 12:50 - 009994752 ____R (The ICU Project) [File not signed] C:\Program Files (x86)\Fitbit Connect\icudt.dll
2016-08-12 18:36 - 2016-08-12 18:36 - 001310208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fitbit Connect\LIBEAY32.dll
2016-11-17 15:22 - 2016-11-17 15:22 - 001500672 ____R (winsparkle.org) [File not signed] C:\Program Files (x86)\Fitbit Connect\WinSparkle.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\hp%20games -> hp%20games
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 04:34 - 2019-12-09 18:35 - 000000762 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk => C:\Windows\pss\iWin Desktop Alerts.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DVDAgent => "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Remote Software => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
MSCONFIG\startupreg: HPADVISOR => c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: IAAnotif => "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: Microsoft Default Manager => "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: OCA_MRK => c:\hp\bin\OCA\hputilck64.exe c:\windows\system32\cmd.exe /c c:\hp\bin\OCA\install.cmd CRP
MSCONFIG\startupreg: PCDrProfiler => "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r
MSCONFIG\startupreg: PDFServerEngine => "C:\Program Files (x86)\PDF Suite\PDFServerEngine.exe" /autorun
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartMenu => %ProgramFiles(x86)%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TSMAgent => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: UfSeAgnt.exe => "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe No File
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe No File
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe No File
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe No File
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe No File
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe No File
FirewallRules: [{46D1E544-8AE1-4292-A9CB-5CBA6028FAD4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{FBCA2885-A95F-4F59-8A35-0B61D107471D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{9A26FEF1-B4F1-4BFC-8537-49786D1AD52A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{8BD3E2F4-5897-4F2A-BB58-3EDD774AAE68}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{3451B6D4-7201-4467-AEFC-9982DEA148F4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{6AFB3D12-AA19-4A32-87F8-3A1C016E712B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink -> CyberLink)
FirewallRules: [{98B4BB1D-FA45-4957-BCAB-3B11F0674DE8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{31420664-00DB-4D30-91EB-D336D6094C66}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{BF9E5C45-D04D-4DB3-88FA-A86C94A1670D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{67AC4346-AC38-47EA-86CB-A5CC9FCD50DE}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{FC260778-A295-4D80-9C01-35221E3F0679}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{5FE71C5B-8F98-4F53-9888-531CFC2699C5}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{3104A41C-D0FE-402F-A1FF-0D50615482DF}] => (Allow) C:\Program Files (x86)\BitTorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{3105F5DA-66C0-4AFD-A4D9-36EB63264373}] => (Allow) C:\Program Files (x86)\BitTorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{43E1DA0E-27B9-4B18-BC8B-6059AA3AB663}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{32BC23EF-8819-492C-ADB8-6C3B2F4BC6B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{4EA441DD-B422-4F97-87D6-F58F7716ECA8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{3218F1F1-3A6B-4BAC-B9E1-FB644C6F068B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{A21FEDB1-1FF7-4349-AE89-D8C9FEEF9D9C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{062E81A4-BAE8-4068-B221-4CA3A1E77B4C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F710715B-1385-4FA1-845C-69FAA8E5B96C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{CE4356ED-7C46-48BF-AC8F-55F7173A7919}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{1EEF65A3-6F01-4A2D-8676-F7C098C2608B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{465A9EBE-5587-4B4F-AD7F-CE32AB499F39}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{88ABA7A1-3A2F-4CFD-ACE3-E22A3D9DB1E5}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe No File
FirewallRules: [{899AA496-464C-463D-A0A2-A38F9DB7BB2B}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe No File
FirewallRules: [{272BA3A4-E71D-4C94-9E55-F2EB19036CAB}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe No File
FirewallRules: [{208CF2E6-E114-4975-9736-88221A268F80}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe No File
FirewallRules: [{EBB4B12E-E6F4-49B4-A39F-D57C7F9D728A}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS35CF.tmp\SymNRT.exe No File
FirewallRules: [{130FA13B-3B20-4AFF-9D87-805E755E1C65}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS35CF.tmp\SymNRT.exe No File
FirewallRules: [TCP Query User{05E16A9A-327D-4E1D-993A-88E2543F26FA}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{3574B4D5-06BA-4C04-8901-65DA8968272A}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{AFC86ACC-9300-4BAA-914D-C08A0AFDF290}] => (Allow) LPort=80
FirewallRules: [{225E6665-FED4-48A8-8015-673D498EB02C}] => (Allow) LPort=80
FirewallRules: [{6C43E839-00DC-4492-A469-811D57CBE1C7}] => (Allow) LPort=80
FirewallRules: [{AB6C3FE6-1667-4103-838F-7CF951A93357}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe No File
FirewallRules: [{13503F9F-9BAF-4DDF-8A67-62AD9B70D38A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe No File
FirewallRules: [{1E33AA54-2E13-4E54-954D-5E730756CB40}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe No File
FirewallRules: [{CF267219-094C-45ED-BE0D-8F6092B01075}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe No File
FirewallRules: [{AF7760C0-F26B-4901-BD0A-E4FE10BE9A87}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe No File
FirewallRules: [{A139594D-638D-4603-899F-103412F0A3E4}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe No File
FirewallRules: [{F3B64111-3C71-4A60-8735-8FB3E5711A2C}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe No File
FirewallRules: [{DCB13D02-6FBF-4702-B47E-657ABC207B5A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe No File
FirewallRules: [{8DEAD621-C6C2-4D51-A759-24F8B2129D0D}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zSFD61.tmp\SymNRT.exe No File
FirewallRules: [{33A52569-2B86-44D0-9E4C-F1F22939354D}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zSFD61.tmp\SymNRT.exe No File
FirewallRules: [{12B75F63-1A72-4991-98FC-2ADB4494AD4F}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe No File
FirewallRules: [{3075DEC8-83E4-462E-93BF-4FE186E533F8}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe No File
FirewallRules: [{3AD4897F-BC62-4FB3-8F7D-4F9C2F6EBFD6}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe No File
FirewallRules: [{B7DF3A54-5279-4F6C-902E-33DF87F1F9E4}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe No File
FirewallRules: [TCP Query User{C4130B4E-DC87-43E6-BD56-586A1EEED8F4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe No File
FirewallRules: [UDP Query User{8FF822E4-BC21-4A43-8EA8-0D17AFB2EBDD}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe No File
FirewallRules: [TCP Query User{BB45CB0A-C3F6-4412-9B0C-7AE434E9EC86}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe No File
FirewallRules: [UDP Query User{013F92D6-966E-4909-B6F1-7E34A37E5F63}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe No File
FirewallRules: [{02E28043-6B71-4926-90DE-EF63312989EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{2C1BD9DE-F1F4-4C2C-8236-A85C05950F04}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{C64AD031-55CF-4678-AEA2-27EDEB6348C6}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\BitTorrent\bittorrent.exe] => Enabled:BitTorrent
 
==================== Restore Points =========================
 
26-07-2019 19:29:36 Scheduled Checkpoint
02-08-2019 16:18:31 Scheduled Checkpoint
05-08-2019 16:26:54 Scheduled Checkpoint
23-08-2019 05:31:10 Scheduled Checkpoint
24-08-2019 12:25:27 Scheduled Checkpoint
25-08-2019 13:38:11 Scheduled Checkpoint
27-08-2019 17:20:17 Scheduled Checkpoint
30-08-2019 17:42:56 Scheduled Checkpoint
05-09-2019 12:28:54 Scheduled Checkpoint
13-09-2019 11:08:00 Scheduled Checkpoint
17-09-2019 14:29:18 Scheduled Checkpoint
20-09-2019 20:06:06 Scheduled Checkpoint
26-09-2019 15:28:50 Scheduled Checkpoint
06-10-2019 18:37:52 Scheduled Checkpoint
12-10-2019 13:04:53 Scheduled Checkpoint
18-10-2019 11:38:31 Scheduled Checkpoint
19-10-2019 17:14:35 Scheduled Checkpoint
01-11-2019 07:50:50 Scheduled Checkpoint
03-11-2019 03:10:12 Scheduled Checkpoint
05-11-2019 18:41:50 Scheduled Checkpoint
08-11-2019 05:49:16 Scheduled Checkpoint
10-11-2019 17:32:00 Scheduled Checkpoint
13-11-2019 15:09:43 Scheduled Checkpoint
14-11-2019 12:02:10 Scheduled Checkpoint
18-11-2019 15:00:19 Scheduled Checkpoint
19-11-2019 22:17:31 Scheduled Checkpoint
22-11-2019 07:26:37 Scheduled Checkpoint
23-11-2019 13:16:20 Scheduled Checkpoint
25-11-2019 16:53:39 Scheduled Checkpoint
27-11-2019 17:54:12 Scheduled Checkpoint
29-11-2019 15:15:01 Scheduled Checkpoint
03-12-2019 01:23:21 Scheduled Checkpoint
06-12-2019 07:56:48 First Restore Point
07-12-2019 11:11:24 First Restore Point
09-12-2019 18:26:39 Removed Premium Technical Support
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/09/2019 06:35:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/28/2019 03:22:06 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).
 
Error: (11/28/2019 03:22:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).
 
Error: (11/09/2019 08:11:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/09/2019 08:06:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/09/2019 08:03:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/09/2019 07:59:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/05/2019 05:09:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (12/09/2019 06:35:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (12/09/2019 06:34:55 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (12/09/2019 06:30:19 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_SYMEVENT\0000 disappeared from the system without first being prepared for removal.
 
Error: (11/09/2019 08:11:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/09/2019 08:10:00 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (11/09/2019 08:09:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:08:13 AM on 11/9/2019 was unexpected.
 
Error: (11/09/2019 08:07:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/09/2019 08:05:51 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
 
CodeIntegrity:
===================================
 
Date: 2019-12-08 12:45:24.529
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20191203.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-08 12:45:23.058
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20191203.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-08 12:45:21.332
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20191203.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-08 12:45:18.750
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20191203.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-07 11:18:49.231
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-07 11:18:47.705
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-07 11:18:45.877
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
Date: 2019-12-07 11:18:44.234
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 5.39 05/06/2009
Motherboard: PEGATRON CORPORATION Benicia
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 71%
Total physical RAM: 6133.33 MB
Available physical RAM: 1720.56 MB
Total Virtual: 12465.69 MB
Available Virtual: 7878.77 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:582.5 GB) (Free:414.25 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.67 GB) (Free:1.92 GB) NTFS ==>[system with boot components (obtained from drive)]
 
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

  • 0

#10
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Let's remove some deadwood left by Kaspersky and Norton:

Download the attached fixlist.txt to the same location as FRST.

Attached File  fixlist.txt   5.58KB   412 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

Are you still seeing strange toolbars?

  • 0





