We be Jammin' (computer Freezes up) [Closed]


  • This topic is locked

#1
dave423

Hi Guys.

Our main desktop computer will run for about 5 to 10 minutes, then it freezes up.  I have not used it frequently lately, but my wife uses it to pay bills and play games.  I don't know if we have a hardware or software problem.  I did see Apple's iTunes updater on screen when it froze up, but we don't use iTunes, so I removed all the related Apple programs, but it did not solve the problem.

Here are the scans I've been able to run between freeze-ups.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by DaveandSuzie (administrator) on DAVEANDSUZIE-PC (12-12-2015 12:42:16)
Running from C:\Users\DaveandSuzie\Desktop
Loaded Profiles: DaveandSuzie & UpdatusUser (Available Profiles: DaveandSuzie & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Creative Technology Ltd.) C:\Windows\V0415Mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [V0415Mon.exe] => C:\Windows\V0415Mon.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-29] (Hewlett-Packard)
HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\Run: [Google Update] => C:\Users\DaveandSuzie\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-09] (SUPERAntiSpyware)
HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\RunOnce: [Uninstall C:\Users\DaveandSuzie\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DaveandSuzie\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\RunOnce: [Uninstall C:\Users\DaveandSuzie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DaveandSuzie\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\MountPoints2: J - J:\LaunchU3.exe -a
HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\MountPoints2: {fc97a4cd-211c-11df-8854-002618f7d109} - J:\LaunchU3.exe -a
HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-4251146819-3009193670-3402536777-1003\...\Run: [HPADVISOR] => [X]
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2010-01-04] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2010-01-04] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2010-01-04] (Mozy, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-01-31]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-09-13]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{FB4DF66A-4FCD-4402-9A10-30418DCEBE9A}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4251146819-3009193670-3402536777-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
HKU\S-1-5-21-4251146819-3009193670-3402536777-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome_first&locale=en_US&c=94&bd=Pavilion&pf=cndt
HKU\S-1-5-21-4251146819-3009193670-3402536777-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {3402CC29-EC9D-4FF3-8647-077679973A5B} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {3402CC29-EC9D-4FF3-8647-077679973A5B} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-14] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-14] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
DPF: HKLM-x32 {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler-x32: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll [2012-05-18] (TODO: <Company name>)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\DaveandSuzie\AppData\Roaming\Mozilla\Firefox\Profiles\ywxb7n7t.default-1425092590396
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll [2013-02-25] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin-x32: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [2007-03-09] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-4251146819-3009193670-3402536777-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\DaveandSuzie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4251146819-3009193670-3402536777-1000: @talk.google.com/O1DPlugin -> C:\Users\DaveandSuzie\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4251146819-3009193670-3402536777-1000: @tools.google.com/Google Update;version=3 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4251146819-3009193670-3402536777-1000: @tools.google.com/Google Update;version=9 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4251146819-3009193670-3402536777-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DaveandSuzie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4251146819-3009193670-3402536777-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\DaveandSuzie\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-09] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\DaveandSuzie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\DaveandSuzie\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-09-13] [not signed]
FF HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\Firefox\Extensions: [{BFF829B6-B433-42CE-9A19-E459D3E4E483}] - C:\Users\DaveandSuzie\AppData\Roaming\My.Freeze.com NetAssistant => not found
FF HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/webhp?source=search_app
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\DaveandSuzie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\DaveandSuzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-14]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\DaveandSuzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-26]
CHR Extension: (Google Cast) - C:\Users\DaveandSuzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-26]
CHR Extension: (Cigarbid.com Freefall Watcher) - C:\Users\DaveandSuzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcecdnbdgabpkbkcjepmhicbkmbipjeh [2014-01-11]
CHR Extension: (CigarBid Free Fall Plugin) - C:\Users\DaveandSuzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\haggdgmfhabhnmfmcmodogfmehljdoco [2015-11-26]
CHR Extension: (The Fancy Pants Adventure: World 2) - C:\Users\DaveandSuzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk [2014-01-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DaveandSuzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-20] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-12] (SurfRight B.V.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [79672 2010-01-04] (Mozy, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2007-09-05] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [109096 2008-01-18] (MCCI Corporation)
S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [19496 2008-01-18] (MCCI Corporation)
S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [146472 2008-01-18] (MCCI Corporation)
S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [130600 2008-01-18] (MCCI Corporation)
S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [125480 2008-01-18] (MCCI Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2015-12-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [66040 2010-01-04] (Mozy, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-01-24] (CACE Technologies, Inc.)
R3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [49664 2007-02-05] ()
S3 s115bus; C:\Windows\System32\DRIVERS\s115bus.sys [108296 2007-04-23] (MCCI Corporation)
S3 s115mdfl; C:\Windows\System32\DRIVERS\s115mdfl.sys [19720 2007-04-23] (MCCI Corporation)
S3 s115mdm; C:\Windows\System32\DRIVERS\s115mdm.sys [144648 2007-04-23] (MCCI Corporation)
S3 s115mgmt; C:\Windows\System32\DRIVERS\s115mgmt.sys [126216 2007-04-23] (MCCI Corporation)
S3 s115obex; C:\Windows\System32\DRIVERS\s115obex.sys [123656 2007-04-23] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2010-02-02] (Sony Ericsson Mobile Communications)
S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [399424 2012-09-30] (TASCAM)
S3 TASCAM_US122L_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31296 2012-09-30] (TASCAM)
S3 TASCAM_US122L_WDM; C:\Windows\System32\drivers\tscusb2a.sys [50240 2012-09-30] (TASCAM)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
R3 V0415Vid; C:\Windows\System32\DRIVERS\V0415Vid.sys [336448 2009-08-04] (Creative Technology Ltd.)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 12:21 - 2015-12-12 12:27 - 00064174 _____ C:\Users\DaveandSuzie\Desktop\Addition.txt
2015-12-12 12:19 - 2015-12-12 12:43 - 00028105 _____ C:\Users\DaveandSuzie\Desktop\FRST.txt
2015-12-12 12:19 - 2015-12-12 12:19 - 00000000 ____D C:\Users\DaveandSuzie\Desktop\FRST-OlderVersion
2015-12-11 08:34 - 2015-12-12 12:38 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-12-09 19:44 - 2015-12-09 19:44 - 00032675 _____ C:\Users\DaveandSuzie\Downloads\Addition.txt
2015-12-09 19:41 - 2015-12-12 12:42 - 00000000 ____D C:\FRST
2015-12-09 19:41 - 2015-12-09 19:44 - 00067161 _____ C:\Users\DaveandSuzie\Downloads\FRST.txt
2015-12-09 19:40 - 2015-12-12 12:19 - 02369536 _____ (Farbar) C:\Users\DaveandSuzie\Desktop\FRST64.exe
2015-12-05 18:37 - 2015-12-05 18:37 - 00000000 ____D C:\Users\DaveandSuzie\AppData\Local\{7CD858EC-B1DA-4CD4-A836-607915EA8822}
2015-12-05 13:25 - 2015-12-05 13:25 - 00002233 _____ C:\Users\DaveandSuzie\Desktop\HP Support Assistant.lnk
2015-12-05 13:25 - 2015-12-05 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-12-05 06:36 - 2015-12-05 06:36 - 00000000 ____D C:\Users\DaveandSuzie\AppData\Local\{38E3BA64-0C4B-439E-B3E0-D9C2B7BB10D5}
2015-12-04 18:36 - 2015-12-04 18:36 - 00000000 ____D C:\Users\DaveandSuzie\AppData\Local\{E5671AAE-486B-4C76-A64E-1ABFD928036E}
2015-12-04 06:36 - 2015-12-04 06:36 - 00000000 ____D C:\Users\DaveandSuzie\AppData\Local\{533A5DE7-9806-46A7-9CC4-EC0676C9D0EF}
2015-12-03 18:36 - 2015-12-03 18:36 - 00000000 ____D C:\Users\DaveandSuzie\AppData\Local\{CD1F7884-160C-44E6-BB02-DA75EE0624CD}
2015-11-27 08:21 - 2015-11-27 08:22 - 00000000 ____D C:\Users\DaveandSuzie\AppData\Local\{831A0A60-060D-4623-945C-3BBBB5772B39}
2015-11-17 05:25 - 2015-11-17 05:25 - 00000000 ____D C:\Users\DaveandSuzie\AppData\Local\{DCDF9129-1EB7-42EB-9F09-B76F3001DB55}
2015-11-12 03:29 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 12:38 - 2014-11-13 09:04 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4251146819-3009193670-3402536777-1000UA1cfff4ab7e2bad0.job
2015-12-12 12:32 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-12 12:29 - 2012-07-21 13:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-12 12:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-12 12:25 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-12 12:25 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-10 07:45 - 2013-08-14 19:46 - 00689478 _____ C:\Windows\ntbtlog.txt
2015-12-09 19:37 - 2013-03-04 23:59 - 00000000 ____D C:\Users\UpdatusUser
2015-12-09 19:01 - 2014-04-04 21:10 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-09 18:51 - 2010-02-02 22:33 - 00007601 _____ C:\Users\DaveandSuzie\AppData\Local\Resmon.ResmonCfg
2015-12-09 18:49 - 2012-10-21 20:53 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-09 17:02 - 2009-08-19 05:42 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2015-12-09 17:01 - 2014-06-22 08:30 - 00000000 ____D C:\Users\DaveandSuzie\AppData\Local\Amazon Music
2015-12-09 17:01 - 2013-08-20 07:15 - 00000588 _____ C:\Windows\system32\.crusader
2015-12-09 16:46 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-09 16:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-09 16:42 - 2010-01-09 21:13 - 00000000 ____D C:\Users\DaveandSuzie
2015-12-09 16:39 - 2015-02-06 18:04 - 00000360 _____ C:\Windows\Tasks\HPCeeScheduleForDaveandSuzie.job
2015-12-09 16:39 - 2009-07-13 23:45 - 00372400 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 16:38 - 2015-04-04 02:02 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-09 16:38 - 2013-03-14 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 16:38 - 2013-03-14 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 16:38 - 2010-01-10 00:18 - 00000000 ____D C:\ProgramData\ArcSoft
2015-12-09 16:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2015-12-09 16:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-09 16:37 - 2013-03-14 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 16:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-12-09 16:37 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-09 16:36 - 2009-08-19 05:33 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-09 03:12 - 2013-08-14 18:26 - 00000000 ____D C:\Windows\system32\MRT
2015-12-08 19:29 - 2012-07-21 13:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-08 19:29 - 2012-07-21 13:30 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 19:29 - 2011-07-03 12:23 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 17:54 - 2013-05-04 19:52 - 00002104 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-08 09:38 - 2011-11-24 16:14 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4251146819-3009193670-3402536777-1000Core.job
2015-12-05 13:25 - 2009-08-19 05:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-05 13:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2015-12-05 13:20 - 2010-01-09 21:29 - 00092208 _____ C:\Users\DaveandSuzie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-05 13:20 - 2009-08-19 05:22 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-12-05 13:11 - 2010-12-17 07:05 - 00000000 ____D C:\swsetup
2015-12-04 00:46 - 2010-01-18 21:11 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 00:46 - 2010-01-18 21:11 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 00:46 - 2010-01-18 21:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-04 00:46 - 2010-01-18 21:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 21:00 - 2013-11-17 10:02 - 00566272 ___SH C:\Users\DaveandSuzie\Downloads\Thumbs.db
2015-12-01 09:33 - 2014-11-13 09:04 - 00003920 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4251146819-3009193670-3402536777-1000UA1cfff4ab7e2bad0
2015-12-01 09:33 - 2011-11-24 16:14 - 00003524 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4251146819-3009193670-3402536777-1000Core
2015-11-20 17:27 - 2015-02-06 18:04 - 00003228 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDaveandSuzie
2015-11-17 10:03 - 2013-12-28 16:08 - 00015496 _____ C:\Users\DaveandSuzie\Desktop\Meds update.odt
2015-11-17 10:02 - 2010-11-14 10:51 - 01060864 ___SH C:\Users\DaveandSuzie\Documents\Thumbs.db
2015-11-17 09:58 - 2010-05-01 14:24 - 00000000 ____D C:\Users\DaveandSuzie\Documents\Suzanne
2015-11-12 03:59 - 2015-11-06 23:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-12 03:59 - 2012-07-21 13:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-12 03:26 - 2010-02-01 06:56 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-12 03:06 - 2011-03-12 09:17 - 00774632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-12 03:02 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-12 00:35 - 2012-03-05 20:40 - 00000000 ____D C:\Users\DaveandSuzie\Documents\My Scans

==================== Files in the root of some directories =======

2011-06-03 15:26 - 2011-09-02 15:18 - 0001854 _____ () C:\Users\DaveandSuzie\AppData\Roaming\GhostObjGAFix.xml
2010-01-13 18:35 - 2015-05-27 02:24 - 0001622 _____ () C:\Users\DaveandSuzie\AppData\Roaming\wklnhst.dat
2010-02-14 16:06 - 2011-01-29 19:20 - 0005120 _____ () C:\Users\DaveandSuzie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-01-10 00:23 - 2011-09-13 19:10 - 0422138 _____ () C:\Users\DaveandSuzie\AppData\Local\installer.log
2010-01-10 00:31 - 2010-01-10 00:31 - 0000183 _____ () C:\Users\DaveandSuzie\AppData\Local\LaunchHomeCenter.log
2010-02-02 22:33 - 2015-12-09 18:51 - 0007601 _____ () C:\Users\DaveandSuzie\AppData\Local\Resmon.ResmonCfg
2010-11-14 11:10 - 2010-11-14 11:10 - 0771924 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpDSC00025.0
2010-11-14 11:10 - 2010-11-14 11:10 - 0300440 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpDSC00025.JPG
2010-03-13 17:13 - 2010-03-13 17:13 - 0585596 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpDSC00028.0
2010-03-13 17:13 - 2010-03-13 17:13 - 0739150 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpDSC00028.JPG
2010-01-27 21:47 - 2010-01-27 21:47 - 0433269 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpFOOD CITY RECEIPT.0
2010-01-27 21:47 - 2010-01-27 21:47 - 0484407 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpFOOD CITY RECEIPT.JPG
2010-09-20 19:25 - 2010-09-20 19:25 - 3789650 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpP2210035.JPG
2010-09-20 19:13 - 2010-09-20 19:13 - 3791233 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpP2210037.JPG
2010-01-10 14:14 - 2010-01-10 14:14 - 4251124 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpP2250099.0
2010-01-10 14:14 - 2010-01-10 14:14 - 1422495 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpP2250099.JPG
2010-05-23 20:04 - 2010-05-23 20:04 - 3111204 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpSAM_0032.JPG
2010-05-23 20:04 - 2010-05-23 20:04 - 3066599 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpSAM_0033.JPG
2010-05-23 20:04 - 2010-05-23 20:04 - 3102648 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpSAM_0034.JPG
2010-05-23 20:02 - 2010-05-23 20:02 - 3138522 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpSAM_0036.JPG
2010-05-23 20:02 - 2010-05-23 20:02 - 3072031 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpSAM_0043.JPG
2010-05-23 20:03 - 2010-05-23 20:03 - 3101044 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpSAM_0044.JPG
2010-05-23 20:03 - 2010-05-23 20:03 - 3151966 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpSAM_0045.JPG
2010-08-27 07:32 - 2010-08-27 07:32 - 3590004 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpSAM_0150.1.0
2010-08-27 07:32 - 2010-08-27 07:32 - 1601326 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpSAM_0150.1.JPG
2010-08-27 07:35 - 2010-08-27 07:35 - 3938234 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpSAM_0151.1.0
2010-08-27 07:35 - 2010-08-27 07:35 - 1694421 _____ () C:\Users\DaveandSuzie\AppData\Local\tmpSAM_0151.1.JPG
2012-09-10 17:04 - 2012-09-10 17:04 - 0000000 _____ () C:\ProgramData\fd68be3e8c3f995fff4a00f38cadd87f_c
2011-09-13 19:11 - 2011-09-13 19:38 - 0000778 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\DaveandSuzie\AppData\Local\Temp\8.1.30.1-EasyShrx.Dll
C:\Users\DaveandSuzie\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\DaveandSuzie\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\DaveandSuzie\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\DaveandSuzie\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\DaveandSuzie\AppData\Local\Temp\Quarantine.exe
C:\Users\DaveandSuzie\AppData\Local\Temp\SAS6_Update.exe
C:\Users\DaveandSuzie\AppData\Local\Temp\sp64126.exe
C:\Users\DaveandSuzie\AppData\Local\Temp\tmp69CC.exe
C:\Users\DaveandSuzie\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\DaveandSuzie\AppData\Local\Temp\VistaLib64_1.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-30 00:08

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by DaveandSuzie (2015-12-12 12:44:36)
Running from C:\Users\DaveandSuzie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-10 02:13:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4251146819-3009193670-3402536777-500 - Administrator - Disabled)
DaveandSuzie (S-1-5-21-4251146819-3009193670-3402536777-1000 - Administrator - Enabled) => C:\Users\DaveandSuzie
Guest (S-1-5-21-4251146819-3009193670-3402536777-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4251146819-3009193670-3402536777-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-4251146819-3009193670-3402536777-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version:  - )
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\Amazon Amazon Music) (Version: 3.0.0.564 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
Angry Birds (HKLM-x32\...\{8156D076-6317-44AF-AB53-37C2E529D510}) (Version: 3.3.3 - Rovio Entertainment Ltd.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Audacity 1.3.12 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ChromecastApp (HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative Live! Cam Video IM Ultra (VF0415) (1.01.03.00) (HKLM\...\Creative VF0415) (Version:  - )
Creative Live! Central (HKLM-x32\...\Creative Live! Central) (Version:  - )
Creative System Information (HKLM-x32\...\SysInfo) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffdshow (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 3.2.1.0 - Microsoft Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MIKSOFT Mobile 3GP converter (HKLM-x32\...\MIKSOFT Mobile 3GP converter_is1) (Version:  - MIKSOFT)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MozyHome Remote Backup (HKLM\...\{86B77B5A-B157-6386-37B0-DB2494DEEAFF}) (Version: 1.16.4.0 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My.Freeze.com NetAssistant (x32 Version: 3.6.3 - Freeze.com) Hidden
My.Freeze.com NetAssistant for Firefox (HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\My.Freeze.com NetAssistant) (Version: 3.6.3 - Freeze.com)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Supercharger (HKLM-x32\...\Native Instruments Supercharger) (Version: 1.1.0.418 - Native Instruments)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OLYMPUS Master 2 (HKLM-x32\...\{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}) (Version: 1.0.13 - OLYMPUS IMAGING CORP.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenGL Extensions Viewer 4.0 (HKLM-x32\...\GLVIEW3) (Version: 409 - )
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
OverDrive for Windows (HKLM-x32\...\{C96D82F1-6CB0-42C2-8ED3-C3DD739E0280}) (Version: 3.4.0 - OverDrive, Inc.)
Paint.NET v3.5.5 (HKLM\...\{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}) (Version: 3.55.0 - dotPDN LLC)
Photosynth 2.0110.0317.1042 (HKLM-x32\...\{B08AC850-5B07-41F1-9DB1-56CF72003BDA}) (Version: 3.3.3.3 - Microsoft)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QuickBooks Simple Start 2008 (HKLM-x32\...\{8ECB8220-F419-4BEB-9596-97033C533702}) (Version: 18.0.4001.606 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1012 - SUPERAntiSpyware.com)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Service (HKLM-x32\...\Update Service) (Version: 2.10.2.50 - Sony Ericsson Mobile Communications AB)
US-122 MKII / US-144 MKII (HKLM\...\USB_AUDIO_DEusb-audio.deTascam) (Version:  - )
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Warzone 2100-3.1.0 (HKLM-x32\...\Warzone 2100-3.1.0) (Version: 3.1.0 - Warzone 2100 Project)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.1.0.4400 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.4400 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 3.1.1.0 - Microsoft Corporation)
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\DaveandSuzie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4251146819-3009193670-3402536777-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\DaveandSuzie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Restore Points =========================

28-11-2015 05:24:28 Windows Update
02-12-2015 05:24:46 Windows Update
05-12-2015 13:17:18 Installed HP Support Assistant
05-12-2015 13:22:52 Windows Modules Installer
05-12-2015 13:24:19 Windows Modules Installer
06-12-2015 04:24:50 Windows Update
09-12-2015 03:00:24 Windows Update
09-12-2015 16:29:19 Restore Operation
09-12-2015 16:59:31 Checkpoint by HitmanPro
12-12-2015 12:33:51 Removed Apple Software Update
12-12-2015 12:35:43 Removed QuickTime
12-12-2015 12:37:07 Removed Bonjour
12-12-2015 12:38:47 Removed Apple Application Support

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D6D2500-8AB8-4321-A349-83D865D36DD0} - System32\Tasks\{994E96E3-27DE-4A69-B952-9087E435D275} => C:\Users\DaveandSuzie\AppData\Local\EnglishHarbourCasino\Bin\CasinoApp.exe
Task: {10BDF3FF-BBB6-4BBF-A3D3-92264373BFD2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {19EF9526-99F4-447E-B7D4-4ACA30D61C2B} - System32\Tasks\{88E7922C-CB3B-41FA-9240-2071F13EE9C2} => C:\Users\DaveandSuzie\AppData\Local\VIPSlotsCasino\Bin\CasinoApp.exe
Task: {1E07C31B-670B-4022-BDB7-9C46981F2C34} - System32\Tasks\{CFFE9D75-5CB9-4DA8-B24A-465DAD9C5400} => C:\Program Files (x86)\RichCasino\clientbrowser.exe
Task: {2258215B-DEF9-4C72-B84F-101F10D4A61C} - System32\Tasks\{67F675A3-F792-4131-A645-2A070D1A2A36} => C:\Users\DaveandSuzie\AppData\Local\EnglishHarbourCasino\Bin\CasinoApp.exe
Task: {25B1FCD6-7DAE-41F9-BACA-7FB710543B96} - System32\Tasks\{010A6ACB-B925-4AC9-96F4-776D73F2AC17} => C:\Users\DaveandSuzie\AppData\Local\EnglishHarbourCasino\Bin\CasinoApp.exe
Task: {27AD707C-47F3-4BF7-A7FC-5B9A06AB4E22} - System32\Tasks\{CBA4EE33-BC64-4C42-9CDD-757EAF223A76} => C:\Users\DaveandSuzie\AppData\Local\VIPSlotsCasino\Bin\CasinoApp.exe
Task: {2C015C20-73E5-48CD-9CCB-01F02981B5DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {2FE4FE72-0C8B-4C47-9DCA-652E1B88E307} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {32A19868-C765-4060-94B1-60F9ACA0C6C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {340539AE-CFE7-48B9-ABF0-9EC55E8272A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {4299BD69-9AC6-419B-8B10-476C6DC4C3E1} - System32\Tasks\{E13F9AEA-CE7D-4598-B850-9339167D1142} => C:\Users\DaveandSuzie\AppData\Local\VIPSlotsCasino\Bin\CasinoApp.exe
Task: {46CAAB37-2A07-47C5-AED1-5DBBDE736932} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4251146819-3009193670-3402536777-1000Core => C:\Users\DaveandSuzie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {47AEE707-ED9D-4756-8893-CD5B93C1B33E} - System32\Tasks\{E52AB377-B5AC-443C-ABB8-70738A95ABEE} => C:\Users\DaveandSuzie\AppData\Local\EnglishHarbourCasino\Bin\CasinoApp.exe
Task: {58A2A21D-184E-4595-B4F8-828DED024361} - System32\Tasks\{6679F1FF-271A-411E-B721-54E971F73563} => pcalua.exe -a "C:\Users\DaveandSuzie\Downloads\Avery Wizard 3.1.5.exe" -d C:\Users\DaveandSuzie\Downloads
Task: {5959B371-6604-490A-81C9-95490ACABF3D} - System32\Tasks\{9C069F07-42F5-464B-B9A2-ACAB16BCDA16} => C:\Users\DaveandSuzie\AppData\Local\EnglishHarbourCasino\Bin\CasinoApp.exe
Task: {5EF16E73-25D9-4D92-927E-89121850EC30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {64577BED-130D-4EAE-ADF1-760AD268BFEB} - System32\Tasks\RunAsStdUser Task => C:\Users\DaveandSuzie\AppData\Local\PlayVolcanoSA\bin\1.0.10.0\PlayVolcanoSA.exe
Task: {649569E2-1F1D-4226-8C81-E44A76ED8E7C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4251146819-3009193670-3402536777-1000UA => C:\Users\DaveandSuzie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7453B983-BAB6-4FC1-B8D2-52F68963565E} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
Task: {7508F18F-ACE9-4B3E-8AE0-6A006B2DC264} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {7632478E-8AA9-462C-B014-B35CD34765A6} - System32\Tasks\{9113B2C6-CDFC-46F1-8D39-DD25DAF7B349} => C:\Users\DaveandSuzie\AppData\Local\VIPSlotsCasino\Bin\CasinoApp.exe
Task: {7EC44A46-307B-4D8D-9899-B6A074826CDB} - System32\Tasks\{4AA4B523-43E0-48BA-AC8D-0EF8C6956BBE} => Chrome.exe
Task: {8587AC13-9D77-4368-AEAC-D8776D6411BD} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: {89D5B2CE-8378-4439-8D6B-90F971B2C948} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {8E328A9C-A6F5-4B63-8301-8AD10104EB5E} - System32\Tasks\{AFE7F63B-D6E9-4B44-927E-D79E69216300} => C:\Program Files (x86)\Warzone 2100-3.1_rc3\warzone2100.exe
Task: {8F8C5415-C5AA-4D78-A03C-0E217B5AA8C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {93D78062-C24C-463A-AE39-E0344BE912FF} - System32\Tasks\{3E499885-51C7-45F6-94EF-3113A50351C0} => C:\Program Files (x86)\Warzone 2100-3.1_rc3\warzone2100.exe
Task: {96AB33E1-D662-4DF9-A102-E76DFE01A0B6} - System32\Tasks\{641E2960-CC66-4B28-A5FF-51B897D62DBF} => C:\Users\DaveandSuzie\AppData\Local\EnglishHarbourCasino\Bin\CasinoApp.exe
Task: {A0DB09BE-8837-4265-92AF-7A1BDDBB7D55} - System32\Tasks\HPCeeScheduleForDaveandSuzie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A1344F61-AD37-4333-A0CD-7CC9ADFF2282} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {A49AF05D-1715-4C83-BD3C-95DDC7B14947} - System32\Tasks\{0FB9CF56-F49D-487B-BCDE-3C364CCB1011} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {AC4BFE32-1F4C-4A91-9E8C-C783E6486D9F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4251146819-3009193670-3402536777-1000UA1cfff4ab7e2bad0 => C:\Users\DaveandSuzie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B2D1C104-8F88-44C9-95B1-866B9B043562} - System32\Tasks\{1DEB86FC-AD41-49D2-A918-CFE977ACB898} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {B3CF0D7A-B014-4ED2-9EF6-87BE46962B7D} - System32\Tasks\{F4CA03CC-D3D0-467C-92E0-B1A2A667B593} => C:\Program Files (x86)\RichCasino\clientbrowser.exe
Task: {BE83CE56-B7BF-4856-88F8-9402BE3D1A90} - System32\Tasks\{3FA40FE1-7064-4FBA-B6ED-695A15BF9A12} => C:\Users\DaveandSuzie\AppData\Local\EnglishHarbourCasino\Bin\CasinoApp.exe
Task: {C39DFA44-EC57-4D05-A0CC-2C9AF1D2D667} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {C95B3E7E-B883-4778-8BC9-B8D6942B8584} - System32\Tasks\{BBE60FC3-5506-4E54-8A05-F92795010BD8} => pcalua.exe -a E:\Installer.exe -d E:\
Task: {DC3F5C86-D29F-4C4B-9FB1-E7642D8A4362} - System32\Tasks\{01B10829-6AF1-4C04-882F-EDA4120A69B6} => C:\Users\DaveandSuzie\AppData\Local\VIPSlotsCasino\Bin\CasinoApp.exe
Task: {DD0D8767-BB77-4805-B68B-F36271181E94} - System32\Tasks\Amazon Music Helper => C:\Users\DaveandSuzie\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
Task: {ED81334A-99A1-4EFA-83FA-281DC909ED34} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {F28EC67A-348C-43C8-8821-E9D7E4AD421C} - System32\Tasks\{6C822BEF-9BDB-41F8-93DA-A1E892F0036B} => C:\Users\DaveandSuzie\AppData\Local\VIPSlotsCasino\Bin\CasinoApp.exe
Task: {F7047211-78E3-4D9B-A6D2-63A664A0533B} - System32\Tasks\{3804FE1F-C2DF-4A4B-B383-A7189F810980} => C:\Program Files (x86)\Warzone 2100-3.1_rc3\warzone2100.exe
Task: {FCFEE098-A50E-4D4A-A998-B961DA8ED079} - System32\Tasks\{61E4631D-4A86-4C16-A622-0A3BA71963EB} => C:\Users\DaveandSuzie\AppData\Local\EnglishHarbourCasino\Bin\CasinoApp.exe
Task: {FE1ECC29-9EB9-4740-A9ED-5C1F37EC6D65} - System32\Tasks\{3B2C1750-6A92-4264-AB5B-28DE1760CBD1} => C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe [2009-07-23] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4251146819-3009193670-3402536777-1000Core.job => C:\Users\DaveandSuzie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4251146819-3009193670-3402536777-1000UA.job => C:\Users\DaveandSuzie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4251146819-3009193670-3402536777-1000UA1cfff4ab7e2bad0.job => C:\Users\DaveandSuzie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDaveandSuzie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-03-04 23:59 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-04 11:36 - 2010-01-04 11:36 - 00078136 _____ () C:\Program Files\MozyHome\librs2.dll
2009-07-08 16:35 - 2009-07-08 16:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2008-02-08 15:25 - 2008-02-08 15:25 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-05-26 03:36 - 2009-05-26 03:36 - 00656896 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
2013-08-31 07:31 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-31 07:31 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-31 07:31 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-08-31 07:31 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-08-31 07:31 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-12-01 19:49 - 2009-12-01 19:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4251146819-3009193670-3402536777-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DaveandSuzie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk => C:\Windows\pss\MozyHome Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^DaveandSuzie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Amazon Cloud Player => C:\Users\DaveandSuzie\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\DaveandSuzie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SkyDrive => "C:\Users\DaveandSuzie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{098909F5-D11D-4D57-B0A3-DD88410555CC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{CFC001F2-4C5E-456A-8DD5-327EF3F9AEE1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{15F695B8-1011-452C-BEAD-0783A7407D4D}] => (Allow) svchost.exe
FirewallRules: [{0DA12491-79DC-4657-9C6E-93E977376783}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{73FB7448-E047-4676-B52B-C5C3CA289FDD}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Service\Update Service.exe
FirewallRules: [{E6501473-F116-46F1-9FD3-80B50D7ADD2F}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Service\Update Service.exe
FirewallRules: [{3E81D6A4-E88A-47A6-B5ED-AFF0FB869C04}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{BE4D80DA-95CA-41B8-8019-14261C76A2CC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{581F1882-A5C7-417F-BF17-931F933C7793}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{751EDA81-9507-4084-BD36-90B982F0BB8F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{881E3934-C54A-48B3-B65C-6DED8A6BD944}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [TCP Query User{B7F435A4-7C2D-491B-A0B7-930C7A633DD3}C:\users\daveandsuzie\appdata\local\betonsoft\lucky creek\code\win32\vc80\release\gamehost\gameclient.exe] => (Allow) C:\users\daveandsuzie\appdata\local\betonsoft\lucky creek\code\win32\vc80\release\gamehost\gameclient.exe
FirewallRules: [UDP Query User{8D5DB71F-F08C-4291-BD88-4E35CDA39116}C:\users\daveandsuzie\appdata\local\betonsoft\lucky creek\code\win32\vc80\release\gamehost\gameclient.exe] => (Allow) C:\users\daveandsuzie\appdata\local\betonsoft\lucky creek\code\win32\vc80\release\gamehost\gameclient.exe
FirewallRules: [{008AB504-7B80-4705-9BCC-08E33A56070D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{A3318F06-AA88-43AB-9A24-3918142B10EF}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{B6B74827-DAA4-4926-8135-0D93ED8B1448}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{88916E2F-B7AB-4DCF-8A95-BF29D717910B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{BF85815B-2FFF-4EE9-9A06-111EFDF8680F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{DD02BC8F-4E96-4B0D-B40A-2D57ADBF3915}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{FC2336CF-8A8D-433C-B750-FF7DB56EEBB0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{F8C388B5-E92C-44C2-B502-639B1A3425A0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{82D056A3-F014-45EE-A624-EC9698FA82AB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{0FACA8CA-89DC-40E4-9C99-5ED8C643C1AB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{8DAF9B45-06B1-4914-A983-5CF4377602EC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1778BFBC-D446-4071-8316-95E8C7E75627}] => (Allow) LPort=9322
FirewallRules: [{0A57E734-5E30-4686-8331-A26F32350F6B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CBC22EB0-ADAB-4683-B1C3-6B48CEA96C8F}] => (Allow) LPort=2869
FirewallRules: [{BD2CDBF6-2605-4961-B9AB-111CEB339EB9}] => (Allow) LPort=1900
FirewallRules: [{2D6AF2AD-AEA3-4C80-BCE7-992F5042E9F4}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{51AB94D3-C1C9-49BC-A53A-C7819EDA5EFD}] => (Allow) %ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe
FirewallRules: [{B1425683-E564-4DF9-A0ED-542F998506E6}] => (Allow) C:\Program Files (x86)\DirecTV\DirecTV\DIRECTV2PC™.exe
FirewallRules: [{2522F195-D0D2-47EC-9F33-406602FE9BE8}] => (Allow) C:\Program Files (x86)\DirecTV\DirecTV\VDTV.exe
FirewallRules: [{D5B0C110-7CE8-4A51-B84A-C12C544294C6}] => (Allow) C:\Program Files (x86)\DirecTV\DirecTV\Kernel\CLML\VDTVRec.exe
FirewallRules: [{41EF612F-A894-4B26-B405-8DDDE7EFF6B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{4C3D0BD5-6740-4434-8194-5024B967993B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D6D4C7D8-8FA3-4464-A854-2069F48E4AC8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{2AB253A7-DE89-4E72-8DDA-9555348F64D1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D8F26534-DB45-4D12-AB7C-A116F9117161}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{42A0D9AE-1EFC-4DAE-B5E0-45A5C0DD0558}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E49D8072-77BD-4D85-ABC2-2CDE871248D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{44526B23-E52E-433E-884B-3CED073A12E0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{EA80D41C-9B7B-4C29-A372-896E6CE31B4F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{9E7621F8-AC65-4BC1-9E53-1DEE5981F08F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F8237D98-5E6C-4583-8C93-F4110A3F6A51}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{2142336B-EEA3-4C64-8131-E74F558AC614}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{AFFE5372-E051-46E6-814F-C6E2001928D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BE12C659-629E-4824-97CA-2455B0CB749F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{E622490B-E7D2-4028-8D4B-E0E8379DEC58}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E67E3A7E-7A70-448C-B739-1BB5C49CEC5D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{836AF019-C25A-4811-838E-FCB498F1DE4C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{434973C0-0A94-4FF0-AFB7-9418290E739D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{9AD8D1B1-C04D-4FC9-A8DB-5E2130987F56}] => (Allow) %ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe
FirewallRules: [{1A85B42E-C808-4BA9-A8CC-89377CB26BAC}] => (Allow) C:\Users\DaveandSuzie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{18EA4B82-4103-43EA-97E8-1E86ABA6BFE0}] => (Allow) C:\Users\DaveandSuzie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{4CD96291-F5FC-4795-BEC5-5E32503E3981}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8FFF3B8D-E821-4541-BE52-6FCA571D9383}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6DF50D14-B5A2-4148-A054-9214D337FEC4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{D0D03FEA-5C74-4EB1-A952-A1775C6FB73A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DC72F9E9-6D92-4418-80C1-5E1C28019271}] => (Allow) C:\Users\DaveandSuzie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{BA86DE5D-6A24-47C2-A7BD-4CE3BCE4A8B6}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [UDP Query User{AE081FF4-693B-44E5-A7DA-F33B7F11E517}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [{16AF80E5-C1CB-4E91-9AFD-5706F4E18E12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DC66558-0DFB-4512-88CB-3D84BBCE3300}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3F388889-F244-4A1C-9751-5330E1F566D2}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{4636C6B8-8A9D-413F-9AD6-69F9FC20F51E}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{29817264-67CD-4828-9A8D-62B79EF08F61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A67F8FFF-9BE0-4524-8941-EA58F7963DE7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A388F047-3F07-43C8-BF8A-8BF1A83D26CF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{C607060E-1D55-4612-ACEF-709E2BE0D818}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2015 06:44:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4
Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58
Exception code: 0x80000003
Fault offset: 0x0000ed50
Faulting process id: 0xccc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/09/2015 06:44:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 42.0.0.5780 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1638

Start Time: 01d132db3edb40b0

Termination Time: 16

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: b2a733f1-9ece-11e5-a95b-002618f7d109

Error: (12/09/2015 05:02:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.1.18.91, time stamp: 0x51949fc0
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19045, time stamp: 0x56258f05
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x14a4
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3

Error: (12/09/2015 05:02:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f8,(null),0,REG_BINARY,0000000000ECEFA0.72).  hr = 0x80070005, Access is denied.
.

Error: (12/09/2015 05:02:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f4,(null),0,REG_BINARY,0000000000D9DDC0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c426587f-6efd-4a05-b06c-66498e04cde5}

Error: (12/09/2015 05:02:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000071c,(null),0,REG_BINARY,0000000011FBDEB0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {29baf83b-c132-4697-b2f4-17938871fbd3}

Error: (12/09/2015 05:02:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001a8,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,00000000023CF370.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {4e82702b-ccc7-48a7-acca-6bbd1956a186}

Error: (12/09/2015 05:02:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0000000001FEEDE0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9d279382-d428-4135-a438-681be1a0b92a}

Error: (12/09/2015 05:02:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000194,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,00000000022EEB20.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {f7dfafaa-a1eb-44f1-8909-a50def7311ba}

Error: (12/09/2015 05:02:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f4,(null),0,REG_BINARY,0000000000D9DDC0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c426587f-6efd-4a05-b06c-66498e04cde5}


System errors:
=============
Error: (12/12/2015 12:32:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/12/2015 12:32:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:29:14 PM on ‎12/‎12/‎2015 was unexpected.

Error: (12/12/2015 12:25:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (12/12/2015 12:17:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/12/2015 12:17:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (12/12/2015 12:17:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (12/12/2015 12:16:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (12/12/2015 12:16:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (12/12/2015 12:15:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.

Error: (12/12/2015 12:14:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:58:12 AM on ‎12/‎12/‎2015 was unexpected.


CodeIntegrity:
===================================
  Date: 2015-08-01 19:19:28.397
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 19:19:28.390
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 19:19:28.365
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 19:19:28.331
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 19:19:25.736
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 19:19:25.729
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 19:19:25.678
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 19:19:25.670
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 19:19:25.578
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-01 19:19:25.570
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 215 Processor
Percentage of memory in use: 55%
Total physical RAM: 3966.49 MB
Available physical RAM: 1763.43 MB
Total Virtual: 7931.19 MB
Available Virtual: 5293.27 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:453.72 GB) (Free:323.15 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.13 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Thanks for your attention.

Dave423


Edited by dave423, 15 December 2015 - 06:45 AM.



#2
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts



My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


While I don't see anything obviously malicious, I'd like to run a couple more scans due to the errors outlined.


Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.
  • Right-click on the randomly named icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!
When the pre-scan is completed, please do the following:
  • Please check in the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.
Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

  • If you encounter any problems, try running GMER in Safe Mode.
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.


Best,

Radek

#3
dave423


    Member

  • Topic Starter
  • Member
  • 62 posts

Hi Naat. Thanks for helping me. You may call me Dave, if you like. Here's the scan from GMER.

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-19 10:05:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005b ST350041 rev.HP22 465.76GB
Running: 5653zybw.exe; Driver: C:\Users\DAVEAN~1\AppData\Local\Temp\axxdqfog.sys


---- Registry - GMER 2.1 ----

Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00027220e2e8                      
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002761bf162                      
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected]         0x34 0x25 0x20 0x7D ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected]         0x25 0x03 0x8A 0x99 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected]         0x78 0xB3 0x21 0xDF ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected]         0x50 0x2E 0x94 0x21 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected]         0xB7 0xE5 0xAE 0xBC ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00027220e2e8 (not active ControlSet)  
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002761bf162 (not active ControlSet)  
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected]             0x34 0x25 0x20 0x7D ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected]             0x25 0x03 0x8A 0x99 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected]             0x78 0xB3 0x21 0xDF ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected]             0x50 0x2E 0x94 0x21 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected]             0xB7 0xE5 0xAE 0xBC ...

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----

Thanks again.

Dave



#4
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts
Apologies for a little delay, I was stuck at the airports the whole day due to the cancelled flights. One thing worth checking.



Scan with MBRScan

Please download MbrScan by Eric_71 and save it to your desktop.
  • Right-click on the MbrScan icon and select Run as Administrator to start the tool.
  • First click Scan at the upper bar.
  • When the table gets filled with data, click Report.
  • A log (MbrScan.txt) will open in Notepad.
Please include the contents of that file in your reply. Due to special formatting, post it directly and do not attach it!
There will also be a file named Dump_Hdd*_DR*.mbr on your desktop. Do not click on it or delete it!

#5
dave423


    Member

  • Topic Starter
  • Member
  • 62 posts

I have been stranded in an airport before. I don't mind it too much, but it drives my wife nuts. Sorry you had trouble.

Here's the scan you requested. I'm having to run the scans in the safe mode or the computer freezes.

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
BOOT           : Safe Boot with network
DATE           : 2015/12/21 (ISO 8601) at 20:48:12
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST350041 8AS (HP22)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0    465.8 Go  [Fixed] ==> HP Recovery Manager .

MBR_MD5   : 1438D3EA5BDDB5775C1379E9FDF6A4C6
MBR_SHA1  : 25428E1873E313FA32E0ABDD795322F553704891

Device\Harddisk0\Partition1    100.0 Mo      0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2    453.7 Go      0x07 NTFS / HPFS
Device\Harddisk0\Partition3    11.94 Go      0x07 NTFS / HPFS
Device\Harddisk0\Partition4    11.94 Go      0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x02A04000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BA5000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_AuthenticAMD.dll => Invisible on the disk
ADDRESS : 0x00C1C000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00C3D000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00C9B000
SIZE    : 468.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00D10000
SIZE    : 776.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00DD2000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00E21000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00E78000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00E81000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00E8B000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00EBE000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00ECB000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00EE0000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00EF5000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00F51000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nvstor64.sys => Invisible on the disk
ADDRESS : 0x00F6B000
SIZE    : 248.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\storport.sys => Invisible on the disk
ADDRESS : 0x010C2000
SIZE    : 400.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01126000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01131000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x0117D000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01253000
SIZE    : 1.66 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x01444000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x014B6000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x014C7000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x014D1000
SIZE    : 972.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x0105E000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x015C4000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 2.00 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x00FA9000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01882000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x018D6000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01910000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01922000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x0192B000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01965000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x0197B000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x01851000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x0185A000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x01861000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x019C3000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x019E8000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x0186F000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x015EF000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x01411000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x01433000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x02E18000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x02EA1000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x02EE6000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x02EEF000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x02F15000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x02F24000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x02F75000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x02F81000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x02F9F000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbohci.sys => Invisible on the disk
ADDRESS : 0x02FC5000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x01191000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x02FD0000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x0121B000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nvmf6264.sys => Invisible on the disk
ADDRESS : 0x030D8000
SIZE    : 328.0 Ko

DRIVER  : C:\Windows\system32\drivers\cdrom.sys => Invisible on the disk
ADDRESS : 0x0312A000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x03154000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x03165000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x03175000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x03180000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x03196000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x031BA000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x031C6000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x03000000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x0301B000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x0303C000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x03056000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x0306A000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x03079000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\seehcri.sys => Invisible on the disk
ADDRESS : 0x03088000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x03094000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x03281000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x032C4000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x032D6000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x03330000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x03345000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_diskdump.sys => Invisible on the disk
ADDRESS : 0x03353000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_nvstor64.sys => Invisible on the disk
ADDRESS : 0x0335D000
SIZE    : 248.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x0339B000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00010000
SIZE    : 3.14 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x033AE000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxg.sys => Invisible on the disk
ADDRESS : 0x00480000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x033BA000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x033D7000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x033D9000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x033E7000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x03200000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdhid.sys => Invisible on the disk
ADDRESS : 0x03209000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x03217000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00610000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\framebuf.dll => Invisible on the disk
ADDRESS : 0x008A0000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbprint.sys => Invisible on the disk
ADDRESS : 0x03224000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\dot4usb.sys => Invisible on the disk
ADDRESS : 0x03230000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Dot4.sys => Invisible on the disk
ADDRESS : 0x03240000
SIZE    : 160.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk
ADDRESS : 0x03096000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x030B1000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x03268000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x0448F000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x044DD000
SIZE    : 144.0 Ko

DRIVER  : C:\Users\DAVEAN~1\AppData\Local\Temp\axxdqfog.sys => Invisible on the disk
ADDRESS : 0x04501000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x483A0000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN  SAFEBOOT:NETWORK  SOS  BOOTLOG  NOGUIBOOT  BOOTLOGO

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


 

---------------------------------

Thanks again,

Dave



#6
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts

I have been stranded in an airport before. I don't mind it too much, but it drives my wife nuts. Sorry you had trouble.


Don't even tell me :lol:

Instead of having two flights with one layover, I had to catch a bus to travel to the next airport, change the booking and catch 3 different planes to travel just 1100 km. It was my worst trip ever.


Can you provide me some more description of your machine? Is it a PC/Laptop? What brand/model? Do you have any idea what is the brand of the BIOS and some basic hardware?

#7
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

