FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2019
Ran by Owner (administrator) on OWNER-PC (HP-Pavilion NY429AA-ABA p6110y) (07-12-2019 11:16:36)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Agere Systems) C:\Program Files\LSI SoftModem\agr64svc.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\nortonsecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\nortonsecurity.exe
(The Weather Channel) [File not signed] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4700840 2016-11-17] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-10] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-10] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4700840 2016-11-17] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [DW7] => C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2014-01-11] (The Weather Channel) [File not signed]
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc -> Google Inc.)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe [468408 2009-06-05] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ATLANT~1.SCR
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe [2016-04-11] (Google Inc -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {26D0B43C-0ED6-4D4A-BA9A-0205B4C0D6A8} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard -> Hewlett-Packard)
Task: {7B770F17-E8B3-41A5-A6EF-FB4F88C6468E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-10] (Google Inc -> Google Inc.)
Task: {A099A9F1-AA1C-4A2F-A34E-387E09FE91DB} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\SymErr.exe [101904 2019-03-27] (Symantec Corporation -> Symantec Corporation)
Task: {A7AAAA45-C0C0-4C37-B6DA-62B898F0C0CE} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [86016 2009-02-24] (Hewlett-Packard) [File not signed]
Task: {CBB362F4-3CDA-437E-92CC-9400EA8E18D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-10] (Google Inc -> Google Inc.)
Task: {D37149E0-F980-463A-BF08-74723883AAA6} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\SymErr.exe [101904 2019-03-27] (Symantec Corporation -> Symantec Corporation)
Task: {E65B1AF6-7BDC-4BC4-B956-9F8F9669C352} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-752817650-2183412088-3519692294-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {EB1ED633-5561-4159-86A2-240ADEF73A6F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [3278664 2016-08-16] (Symantec Corporation -> Symantec Corporation)
Task: {F3B02793-570F-457D-BC4C-60AAADB3C505} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-752817650-2183412088-3519692294-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F86F5CFD-B0B2-483A-A3AF-4490B853B63F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\WSCStub.exe [2271192 2019-03-27] (Symantec Corporation -> Symantec Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26
Tcpip\..\Interfaces\{004DD533-337D-4FA5-A83E-81CD6DCB1AB4}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{BB87927F-FECB-4A54-94DD-CE5FDDDD1D49}: [DhcpNameServer] 192.168.0.1 205.171.3.26
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com?prt=ns&chn=1000880&geo=us&ver=22.9.1.12&locale=en_us&guid=99bdb360-45bd-11de-bea5-00248c7dd45b&doi=2016-03-14&o=APN11915
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=US&ver=22.15.2.22&locale=en_US&guid=99bdb360-45bd-11de-bea5-00248c7dd45b&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> {E4AC6792-B4AA-4C34-9858-E84C94B89383} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2013-10-08] (Eyeo GmbH -> Adblock Plus) [File not signed]
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.15.2.22\coIEPlg.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc -> Google Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2013-10-08] (Eyeo GmbH -> Adblock Plus) [File not signed]
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.15.2.22\coIEPlg.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc -> Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-07-09] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media ) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.aol.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://eikgefpofckhgbnhklemehpincmanagp/newtab/quicktab.html", Not-active:"chrome-extension://afjkfckcefjophkghnnoiejdggocollc/product.html", Not-active:"chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Notifications: Default -> hxxp://www.aol.com; hxxps://mail.google.com; hxxps://www.aol.com; hxxps://www.aol.com; hxxps://www.truthfinder.com
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2019-12-07]
CHR Extension: (QuickWeatherTracker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjkfckcefjophkghnnoiejdggocollc [2019-12-06]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-03]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-03]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-09-02]
CHR Extension: (My Package Homepage) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eikgefpofckhgbnhklemehpincmanagp [2018-07-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2018-10-06]
CHR Extension: (Norton Safe Web) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-08]
CHR Extension: (Pinterest Save Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-11-09]
CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2017-11-26]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-04-27]
CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-12]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-14]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2008-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Agere Systems)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5911720 2016-11-17] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NortonSecurity; C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\NortonSecurity.exe [328648 2019-03-27] (Symantec Corporation -> Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Windows -> Microsoft Corporation)
R3 msiserver; %systemroot%\system32\msiexec /V [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1254400 2009-01-20] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20191203.001\BHDrvx64.sys [1952136 2019-09-27] (Symantec Corporation -> Symantec Corporation)
S3 BVRPMPR5; C:\Windows\SysWOW64\drivers\BVRPMPR5.SYS [44224 2006-10-05] (BVRP Software) [File not signed]
R1 ccSet_NGC; C:\Windows\system32\drivers\NGCx64\160F020.016\ccSetx64.sys [189152 2019-03-27] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-10-18] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2019-10-18] (Symantec Corporation -> Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20191205.061\IDSvia64.sys [1451016 2019-08-22] (Symantec Corporation -> Symantec Corporation)
R3 rt61x64; C:\Windows\System32\DRIVERS\netr6164.sys [390144 2008-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Ralink Technology, Corp.)
R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [195584 2009-01-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Corporation )
R3 SRTSP; C:\Windows\System32\Drivers\NGCx64\160F020.016\SRTSP64.SYS [846928 2019-03-27] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NGCx64\160F020.016\SRTSPX64.SYS [51168 2019-03-27] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\160F020.016\SYMEFASI64.SYS [1969312 2019-03-27] (Symantec Corporation -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-27] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NGCx64\160F020.016\Ironx64.SYS [307792 2019-03-27] (Symantec Corporation -> Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NGCx64\160F020.016\symtdiv.sys [468616 2019-03-27] (Symantec Corporation -> Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20170430.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20170430.001\NAVEX15.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-12-07 11:14 - 2019-12-07 11:14 - 002263552 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2019-12-07 11:14 - 2019-12-07 11:14 - 001991680 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-12-07 11:19 - 2016-07-23 16:43 - 000022687 _____ C:\Users\Owner\Downloads\FRST.txt
2019-12-07 11:17 - 2016-07-03 19:57 - 000000000 ____D C:\FRST
2019-12-07 11:12 - 2016-07-06 16:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-12-03 01:23 - 2006-11-02 07:22 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2019-12-03 01:23 - 2006-11-02 07:22 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-15 18:15 - 2013-04-01 16:00 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-15 18:15 - 2013-04-01 16:00 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-15 18:15 - 2009-07-02 20:57 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-09 08:16 - 2006-11-02 05:33 - 000000000 ____D C:\Windows\inf
2019-11-09 08:16 - 2006-11-02 04:46 - 000759542 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-09 08:10 - 2006-11-02 07:42 - 000000006 ____H C:\Windows\Tasks\SA.DAT
==================== Files in the root of some directories ========
2015-12-08 16:13 - 2015-12-08 16:13 - 004092246 _____ () C:\ProgramData\SMRResults501.dat
2013-10-19 02:00 - 2013-12-08 07:14 - 000000098 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2013-10-19 02:00 - 2013-12-08 07:14 - 000000006 _____ () C:\Users\Owner\AppData\Roaming\WBPU-TTL.DAT
2009-09-23 10:46 - 2018-10-31 17:19 - 000001410 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2009-07-02 17:25 - 2009-07-17 11:31 - 000000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2014-05-18 13:24 - 2014-05-18 13:25 - 000003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-31 19:08 - 2011-05-31 19:09 - 000362230 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI205B.txt
2011-10-31 07:06 - 2011-10-31 07:06 - 000359754 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI297B.txt
2011-06-04 19:14 - 2011-06-04 19:14 - 000361604 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI5CDE.txt
2009-09-17 18:11 - 2009-09-17 18:11 - 000415980 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI6B71.txt
2011-05-31 19:08 - 2011-05-31 19:09 - 000011174 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI205B.txt
2011-10-31 07:06 - 2011-10-31 07:06 - 000011142 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI297B.txt
2011-06-04 19:14 - 2011-06-04 19:14 - 000011206 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI5CDE.txt
2009-09-17 18:11 - 2009-09-17 18:11 - 000011382 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI6B71.txt
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2019-11-09 08:16
==================== End of FRST.txt ========================
addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2019
Ran by Owner (07-12-2019 11:20:27)
Running from C:\Users\Owner\Downloads
Windows Vista Home Premium Service Pack 2 (X64) (2009-05-21 04:13:04)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-752817650-2183412088-3519692294-500 - Administrator - Disabled)
Guest (S-1-5-21-752817650-2183412088-3519692294-501 - Limited - Disabled)
Owner (S-1-5-21-752817650-2183412088-3519692294-1000 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security (Disabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}
FW: Norton Security (Disabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\4 Elements) (Version: 1.0.0.0 - eGames)
64 Bit HP CIO Components Installer (HKLM\...\{68451E5C-0A9C-4D5C-8D06-6E296242E908}) (Version: 3.2.1 - Hewlett-Packard) Hidden
7 Wonders (HKLM-x32\...\7 Wonders) (Version: 1.1.0.0 - MumboJumbo)
7 Wonders II (HKLM-x32\...\7 Wonders II) (Version: 1.1.0.0 - MumboJumbo)
7 Wonders Treasures of Seven (HKLM-x32\...\7 Wonders Treasures of Seven) (Version: 1.1.0.0 - MumboJumbo)
Acrobat.com (HKLM-x32\...\{6421F085-1FAA-DE13-D02A-CFB412C522A4}) (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation)
Amazonia FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116955637}) (Version: - Oberon Media)
Angry Birds (HKLM-x32\...\{8156D076-6317-44AF-AB53-37C2E529D510}) (Version: 3.3.3 - Rovio Entertainment Ltd.)
Atlantis 3D Screensaver 1.0 (HKLM-x32\...\Atlantis 3D Screensaver_is1) (Version: - )
Bejeweled 2 Deluxe 1.1 (HKLM-x32\...\Bejeweled 2 Deluxe 1.1) (Version: 1.1 - PopCap Games)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version: - PopCap Games)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.0.8 - )
Big Money Deluxe 1.3 (HKLM-x32\...\Big Money Deluxe 1.3) (Version: - )
Bubble Shooter Deluxe (HKLM-x32\...\BSDELUXE_is1) (Version: - )
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Build-a-lot (HKLM-x32\...\Build-a-lot) (Version: 1.1.0.0 - MumboJumbo)
Chuzzle Deluxe 1.01 (HKLM-x32\...\Chuzzle Deluxe 1.01) (Version: 1.01 - PopCap Games)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Copy (HKLM-x32\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Crystal Reports for .NET Framework 2.0 (x86) (HKLM-x32\...\{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}) (Version: 10.2.0 - Business Objects)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
DebtFree™ for Windows® (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\c7bf31027eda1c16) (Version: 6.0.0.0 - DebtFree™ for Windows®)
Destination Component (HKLM-x32\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DJ_AIO_05_F4400_Software_Min (HKLM-x32\...\{d281ba0e-1617-4a62-bb37-b73671035e36}) (Version: 120.0.235.000 - Hewlett-Packard) Hidden
Drop! (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Drop!) (Version: 1.0.0.1 - eGames)
F4400 (HKLM-x32\...\{0409c45d-df44-4b98-93b0-572697aa054a}) (Version: 120.0.235.000 - Hewlett-Packard) Hidden
Farm Vet (HKLM-x32\...\Farm Vet) (Version: - )
Farmscapes (HKLM-x32\...\Farmscapes) (Version: - )
FastAgain PC Booster (HKLM-x32\...\FastAgain PC Booster_is1) (Version: 1.0 - Activeris) <==== ATTENTION
Fitbit Connect (HKLM-x32\...\{E0BB814A-ADB0-4015-9E17-CF0F45EEAF37}) (Version: 2.0.1.6802 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{F648FD09-7CEA-4257-BC68-A8389189FD51}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Hide and Secret (HKLM-x32\...\Hide and Secret) (Version: - )
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.1000.1002 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 (HKLM\...\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}) (Version: 12.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.2719 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2809 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{784BEA84-FA66-4B19-BB80-7B545F248AC6}) (Version: 1.2.2854.2975 - Hewlett-Packard)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 2.0.64.3 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}) (Version: 120.0.150.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6EED4269-588D-45b8-A80C-26A9CA62EE4E}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iWin Games (HKLM-x32\...\iWinArcade) (Version: 2.92 - )
Jewel Quest (remove only) (HKLM-x32\...\Jewel Quest) (Version: - )
Jewel Quest 2 (remove only) (HKLM-x32\...\Jewel Quest 2) (Version: - )
Jewel Quest Solitaire (remove only) (HKLM-x32\...\Jewel Quest Solitaire) (Version: - )
Jewel Quest Solitaire II (remove only) (HKLM-x32\...\Jewel Quest Solitaire II) (Version: - )
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Legends of Deceit (HKLM-x32\...\{D501C2FC-65B2-4660-B996-BF020A118D60}) (Version: 1.0.0 - On Hand Software)
Legends of Silence (HKLM-x32\...\{2D6F5E76-2F9E-4F31-955D-B3EE085570BA}) (Version: 1.0.0 - On Hand Software)
Life Quest (HKLM-x32\...\BFG-Life Quest) (Version: - )
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
Mah Jong Quest III (remove only) (HKLM-x32\...\Mah Jong Quest III) (Version: - )
MarketResearch (HKLM-x32\...\{2A329FB6-389D-4396-A974-29656D6864AE}) (Version: 120.0.226.000 - Hewlett-Packard) Hidden
Masque IGT Slots Wolf Run (HKLM-x32\...\{7C0BF6E9-7021-46E4-87B3-4C4587256A22}) (Version: 1.0.1 - Masque Publishing)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Monkey Money 2 (tb) (remove only) (HKLM-x32\...\Monkey Money 2 (tb)) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Tribe (HKLM-x32\...\BFG-My Tribe) (Version: - )
Mystery P.I. - The Vegas Heist 1.0.0.3 (HKLM-x32\...\Mystery P.I. - The Vegas Heist 1.0.0.3) (Version: - )
Mysteryville 2 (remove only) (HKLM-x32\...\Mysteryville 2) (Version: - )
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version: - )
Noah's Ark Deluxe 1.1 (HKLM-x32\...\Noah's Ark Deluxe 1.1) (Version: - )
Norton Security (HKLM-x32\...\NGC) (Version: 22.15.2.22 - Symantec Corporation)
ParetoLogic FileCure (HKLM-x32\...\{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}) (Version: 1.0.0.0 - ParetoLogic, Inc.)
Peggle Deluxe 1.0 (HKLM-x32\...\Peggle Deluxe 1.0) (Version: 1.0 - PopCap Games)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
Pipe Mania (HKLM-x32\...\{FBD00247-B21F-4068-A409-3B990005317E}) (Version: 1.00.0000 - Empire Interactive)
Pirateville (remove only) (HKLM-x32\...\Pirateville) (Version: - )
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
Premium Technical Support (HKLM-x32\...\{75B23FA8-FEA5-47E4-9326-9B4FA9A9ACEE}) (Version: 7.7.581 - LogMeIn, Inc.)
Puzzle Odyssey (HKLM-x32\...\Puzzle Odyssey_is1) (Version: - Games Of The Month)
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuantZ (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117459997}) (Version: - Oberon Media)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
SmartWebPrinting (HKLM-x32\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{9603DE6D-4567-4b78-B941-849322373DE2}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
The Lost Inca Prophecy (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\The Lost Inca Prophecy) (Version: 1.0.0.0 - eGames)
The Poppit! Show (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111715607}) (Version: - Oberon Media)
The Poppit! Show (HKLM-x32\...\The Poppit! Show) (Version: 0.1 - Electronic Arts)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version: - )
Toolbox (HKLM-x32\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Twistingo (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Twistingo) (Version: 1.0.0.0 - eGames)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (HKLM-x32\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Youda Farmer 3 (HKLM-x32\...\Youda Farmer 3) (Version: - )
Zuma Deluxe (HKLM-x32\...\Zuma Deluxe) (Version: - PopCap Games)
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version: - PopCap Games)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\NavShExt.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\NavShExt.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.15.2.22\NavShExt.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) =============
2016-11-17 12:50 - 2016-11-17 12:50 - 040622592 ____R () [File not signed] C:\Program Files (x86)\Fitbit Connect\libcef.dll
2009-02-06 12:11 - 2009-02-06 12:11 - 000385024 _____ () [File not signed] C:\Program Files\Hewlett-Packard\HP Remote\Common.dll
2009-02-06 12:11 - 2009-02-06 12:11 - 000151552 _____ () [File not signed] C:\Program Files\Hewlett-Packard\HP Remote\MCStateSink.dll
2016-09-06 17:07 - 2016-09-06 11:00 - 000147456 _____ () [File not signed] C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2016-09-06 17:07 - 2016-09-06 11:00 - 005197312 _____ () [File not signed] C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2008-10-16 18:23 - 2008-10-16 18:23 - 000217088 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
2008-10-16 18:24 - 2008-10-16 18:24 - 000192512 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
2008-10-16 18:24 - 2008-10-16 18:24 - 000135168 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
2009-03-17 12:25 - 2009-03-17 12:25 - 000033792 _____ (Hewlett-Packard Company) [File not signed] c:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2009-03-17 12:25 - 2009-03-17 12:25 - 000110592 _____ (Hewlett-Packard Company) [File not signed] c:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2009-07-09 19:43 - 2008-10-06 14:39 - 000134144 _____ (Hewlett-Packard Company) [File not signed] C:\Windows\System32\hpf3l083.dll
2009-07-09 19:45 - 2008-10-06 14:39 - 000254464 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpfpp083.dll
2009-04-30 21:51 - 2009-04-30 21:51 - 000098304 _____ (Hewlett-Packard) [File not signed] C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
2009-07-02 17:06 - 2008-12-04 11:56 - 000118784 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll
2009-07-02 17:06 - 2008-12-04 11:49 - 000208896 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ISDI.dll
2016-11-17 12:50 - 2016-11-17 12:50 - 009994752 ____R (The ICU Project) [File not signed] C:\Program Files (x86)\Fitbit Connect\icudt.dll
2016-08-12 18:36 - 2016-08-12 18:36 - 001310208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fitbit Connect\LIBEAY32.dll
2016-11-17 15:22 - 2016-11-17 15:22 - 001500672 ____R (winsparkle.org) [File not signed] C:\Program Files (x86)\Fitbit Connect\WinSparkle.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
==================== Internet Explorer trusted/restricted ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\hp%20games -> hp%20games
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 04:34 - 2006-09-18 13:37 - 000000761 ____N C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk => C:\Windows\pss\iWin Desktop Alerts.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DVDAgent => "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Remote Software => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
MSCONFIG\startupreg: HPADVISOR => c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: IAAnotif => "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: Microsoft Default Manager => "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: OCA_MRK => c:\hp\bin\OCA\hputilck64.exe c:\windows\system32\cmd.exe /c c:\hp\bin\OCA\install.cmd CRP
MSCONFIG\startupreg: PCDrProfiler => "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r
MSCONFIG\startupreg: PDFServerEngine => "C:\Program Files (x86)\PDF Suite\PDFServerEngine.exe" /autorun
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartMenu => %ProgramFiles(x86)%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TSMAgent => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: UfSeAgnt.exe => "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe No File
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe No File
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe No File
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe No File
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe No File
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe No File
FirewallRules: [{46D1E544-8AE1-4292-A9CB-5CBA6028FAD4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{FBCA2885-A95F-4F59-8A35-0B61D107471D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{9A26FEF1-B4F1-4BFC-8537-49786D1AD52A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{8BD3E2F4-5897-4F2A-BB58-3EDD774AAE68}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{3451B6D4-7201-4467-AEFC-9982DEA148F4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{6AFB3D12-AA19-4A32-87F8-3A1C016E712B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink -> CyberLink)
FirewallRules: [{98B4BB1D-FA45-4957-BCAB-3B11F0674DE8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{31420664-00DB-4D30-91EB-D336D6094C66}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{BF9E5C45-D04D-4DB3-88FA-A86C94A1670D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{67AC4346-AC38-47EA-86CB-A5CC9FCD50DE}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{FC260778-A295-4D80-9C01-35221E3F0679}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{5FE71C5B-8F98-4F53-9888-531CFC2699C5}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{3104A41C-D0FE-402F-A1FF-0D50615482DF}] => (Allow) C:\Program Files (x86)\BitTorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{3105F5DA-66C0-4AFD-A4D9-36EB63264373}] => (Allow) C:\Program Files (x86)\BitTorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{43E1DA0E-27B9-4B18-BC8B-6059AA3AB663}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{32BC23EF-8819-492C-ADB8-6C3B2F4BC6B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{4EA441DD-B422-4F97-87D6-F58F7716ECA8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{3218F1F1-3A6B-4BAC-B9E1-FB644C6F068B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{A21FEDB1-1FF7-4349-AE89-D8C9FEEF9D9C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{062E81A4-BAE8-4068-B221-4CA3A1E77B4C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F710715B-1385-4FA1-845C-69FAA8E5B96C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{CE4356ED-7C46-48BF-AC8F-55F7173A7919}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{1EEF65A3-6F01-4A2D-8676-F7C098C2608B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{465A9EBE-5587-4B4F-AD7F-CE32AB499F39}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{88ABA7A1-3A2F-4CFD-ACE3-E22A3D9DB1E5}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe No File
FirewallRules: [{899AA496-464C-463D-A0A2-A38F9DB7BB2B}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe No File
FirewallRules: [{272BA3A4-E71D-4C94-9E55-F2EB19036CAB}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe No File
FirewallRules: [{208CF2E6-E114-4975-9736-88221A268F80}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe No File
FirewallRules: [{EBB4B12E-E6F4-49B4-A39F-D57C7F9D728A}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS35CF.tmp\SymNRT.exe No File
FirewallRules: [{130FA13B-3B20-4AFF-9D87-805E755E1C65}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS35CF.tmp\SymNRT.exe No File
FirewallRules: [TCP Query User{05E16A9A-327D-4E1D-993A-88E2543F26FA}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{3574B4D5-06BA-4C04-8901-65DA8968272A}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{AFC86ACC-9300-4BAA-914D-C08A0AFDF290}] => (Allow) LPort=80
FirewallRules: [{225E6665-FED4-48A8-8015-673D498EB02C}] => (Allow) LPort=80
FirewallRules: [{6C43E839-00DC-4492-A469-811D57CBE1C7}] => (Allow) LPort=80
FirewallRules: [{AB6C3FE6-1667-4103-838F-7CF951A93357}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe No File
FirewallRules: [{13503F9F-9BAF-4DDF-8A67-62AD9B70D38A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe No File
FirewallRules: [{1E33AA54-2E13-4E54-954D-5E730756CB40}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe No File
FirewallRules: [{CF267219-094C-45ED-BE0D-8F6092B01075}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe No File
FirewallRules: [{AF7760C0-F26B-4901-BD0A-E4FE10BE9A87}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe No File
FirewallRules: [{A139594D-638D-4603-899F-103412F0A3E4}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe No File
FirewallRules: [{F3B64111-3C71-4A60-8735-8FB3E5711A2C}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe No File
FirewallRules: [{DCB13D02-6FBF-4702-B47E-657ABC207B5A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe No File
FirewallRules: [{8DEAD621-C6C2-4D51-A759-24F8B2129D0D}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zSFD61.tmp\SymNRT.exe No File
FirewallRules: [{33A52569-2B86-44D0-9E4C-F1F22939354D}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zSFD61.tmp\SymNRT.exe No File
FirewallRules: [{12B75F63-1A72-4991-98FC-2ADB4494AD4F}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe No File
FirewallRules: [{3075DEC8-83E4-462E-93BF-4FE186E533F8}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe No File
FirewallRules: [{3AD4897F-BC62-4FB3-8F7D-4F9C2F6EBFD6}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe No File
FirewallRules: [{B7DF3A54-5279-4F6C-902E-33DF87F1F9E4}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe No File
FirewallRules: [TCP Query User{C4130B4E-DC87-43E6-BD56-586A1EEED8F4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe No File
FirewallRules: [UDP Query User{8FF822E4-BC21-4A43-8EA8-0D17AFB2EBDD}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe No File
FirewallRules: [TCP Query User{BB45CB0A-C3F6-4412-9B0C-7AE434E9EC86}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe No File
FirewallRules: [UDP Query User{013F92D6-966E-4909-B6F1-7E34A37E5F63}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe No File
FirewallRules: [{02E28043-6B71-4926-90DE-EF63312989EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\BitTorrent\bittorrent.exe] => Enabled:BitTorrent
==================== Restore Points =========================
22-07-2019 14:55:13 Scheduled Checkpoint
26-07-2019 19:29:36 Scheduled Checkpoint
02-08-2019 16:18:31 Scheduled Checkpoint
05-08-2019 16:26:54 Scheduled Checkpoint
23-08-2019 05:31:10 Scheduled Checkpoint
24-08-2019 12:25:27 Scheduled Checkpoint
25-08-2019 13:38:11 Scheduled Checkpoint
27-08-2019 17:20:17 Scheduled Checkpoint
30-08-2019 17:42:56 Scheduled Checkpoint
05-09-2019 12:28:54 Scheduled Checkpoint
13-09-2019 11:08:00 Scheduled Checkpoint
17-09-2019 14:29:18 Scheduled Checkpoint
20-09-2019 20:06:06 Scheduled Checkpoint
26-09-2019 15:28:50 Scheduled Checkpoint
06-10-2019 18:37:52 Scheduled Checkpoint
12-10-2019 13:04:53 Scheduled Checkpoint
18-10-2019 11:38:31 Scheduled Checkpoint
19-10-2019 17:14:35 Scheduled Checkpoint
01-11-2019 07:50:50 Scheduled Checkpoint
03-11-2019 03:10:12 Scheduled Checkpoint
05-11-2019 18:41:50 Scheduled Checkpoint
08-11-2019 05:49:16 Scheduled Checkpoint
10-11-2019 17:32:00 Scheduled Checkpoint
13-11-2019 15:09:43 Scheduled Checkpoint
14-11-2019 12:02:10 Scheduled Checkpoint
18-11-2019 15:00:19 Scheduled Checkpoint
19-11-2019 22:17:31 Scheduled Checkpoint
22-11-2019 07:26:37 Scheduled Checkpoint
23-11-2019 13:16:20 Scheduled Checkpoint
25-11-2019 16:53:39 Scheduled Checkpoint
27-11-2019 17:54:12 Scheduled Checkpoint
29-11-2019 15:15:01 Scheduled Checkpoint
03-12-2019 01:23:21 Scheduled Checkpoint
06-12-2019 07:56:48 First Restore Point
07-12-2019 11:11:24 First Restore Point
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/28/2019 03:22:06 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).
Error: (11/28/2019 03:22:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).
Error: (11/09/2019 08:11:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (11/09/2019 08:06:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (11/09/2019 08:03:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (11/09/2019 07:59:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (11/05/2019 05:09:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (11/05/2019 05:04:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (11/09/2019 08:11:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt
Error: (11/09/2019 08:10:00 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
Error: (11/09/2019 08:09:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:08:13 AM on 11/9/2019 was unexpected.
Error: (11/09/2019 08:07:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt
Error: (11/09/2019 08:05:51 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
Error: (11/09/2019 08:05:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:04:04 AM on 11/9/2019 was unexpected.
Error: (11/09/2019 08:03:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt
Error: (11/09/2019 08:02:36 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
CodeIntegrity:
===================================
Date: 2019-12-07 11:18:49.231
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2019-12-07 11:18:47.705
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2019-12-07 11:18:45.877
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2019-12-07 11:18:44.234
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2019-12-07 11:18:42.783
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2019-12-07 11:18:41.430
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2019-12-07 11:18:39.790
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2019-12-07 11:18:38.129
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 5.39 05/06/2009
Motherboard: PEGATRON CORPORATION Benicia
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 90%
Total physical RAM: 6133.33 MB
Available physical RAM: 581.03 MB
Total Virtual: 12459.68 MB
Available Virtual: 5903.43 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:582.5 GB) (Free:415.3 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.67 GB) (Free:1.92 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================