Please Help! Virus (Possible rootkit) - No internet access!



#1
GoBerserkMode
Member, 40 posts
System is very slow. I have no internet access, and just feel like my system has been compromised! Please help! I also have a ComboFix log attached, if that helps anything. I do not have access to an install disc. Thanks for your time! :)

------------------------------------------------------

OTL logfile created on: 12/13/2013 1:09:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bev\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.48 Gb Total Physical Memory | 4.17 Gb Available Physical Memory | 76.03% Memory free
10.96 Gb Paging File | 9.64 Gb Available in Paging File | 87.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.75 Gb Total Space | 506.81 Gb Free Space | 87.87% Space Free | Partition Type: NTFS
Drive D: | 15.25 Gb Total Space | 1.66 Gb Free Space | 10.91% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 3.95 Gb Free Space | 99.75% Space Free | Partition Type: FAT32
Drive G: | 15.09 Gb Total Space | 15.09 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: BEV-HP | User Name: Bev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/13 02:15:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bev\Desktop\OTL.exe
PRC - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/28 23:28:32 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/07 21:38:59 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/09/15 18:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/05 11:27:04 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/16 18:57:44 | 001,083,680 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/02/16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (lltdsvc)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/18 21:07:06 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/02/07 21:36:38 | 002,424,424 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/07 21:38:59 | 000,528,896 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/02/07 21:37:54 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/02/07 21:36:38 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/09/30 16:13:46 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/09/15 18:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/15 17:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/21 07:40:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/21 07:40:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/16 03:26:14 | 000,133,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011/06/14 18:44:56 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/06/14 18:44:46 | 000,165,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/06/14 18:44:40 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/21 00:49:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/04/16 03:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 03:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/03/30 15:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/02/14 02:17:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/16 12:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/31 12:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/17 18:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{A00CD85D-EE12-47FB-A27C-F08884C7A662}: "URL" = http://www.amazon.ca...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{A00CD85D-EE12-47FB-A27C-F08884C7A662}: "URL" = http://www.amazon.ca...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...aJ6TniAKE_IDQAg
IE - HKCU\..\SearchScopes,DefaultScope = {49B604D7-45B8-4E5E-A635-FB4AE9A4A29E}
IE - HKCU\..\SearchScopes\{0385B9FA-E600-4860-891E-18F96D944BEF}: "URL" = http://websearch.ask...5C-DEB2BA66CBEF
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{49B604D7-45B8-4E5E-A635-FB4AE9A4A29E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{A00CD85D-EE12-47FB-A27C-F08884C7A662}: "URL" = http://www.amazon.ca...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...ox&a=ICfekUprcd
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{F2E3AE61-5971-49D7-83CF-CFB4FEC83D21}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/07/18 20:54:16 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK


========== Chrome ==========

CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://ca.search.yah...p={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://mystart.incre...il.com/isearch/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Dragon NaturallySpeaking Rich Internet Application Support = C:\Users\Bev\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Bev\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\

O1 HOSTS File: ([2013/12/11 21:09:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe (Oberon Media )
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Broken Internet access at catalog 000000000006
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/13 12:55:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bev\Desktop\OTL.exe
[2013/12/11 21:57:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Bev\Desktop\dds.com
[2013/12/11 21:19:02 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Roaming\Malwarebytes
[2013/12/11 21:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/11 21:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/11 21:18:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/11 21:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/11 21:17:43 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Local\Programs
[2013/12/11 21:15:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/12/11 21:09:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/11 19:58:09 | 013,086,648 | ---- | C] (IObit ) -- C:\Users\Bev\Desktop\driverbooster-cnet-setup.exe
[2013/12/11 19:05:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/11 19:05:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/11 19:05:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/11 19:04:40 | 005,153,140 | R--- | C] (Swearware) -- C:\Users\Bev\Desktop\ComboFix.exe
[2013/12/11 18:51:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/11 18:51:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/12/06 17:07:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/12/06 00:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2013/11/28 03:27:40 | 000,000,000 | ---D | C] -- C:\284b150cfa7739fc4a
[2012/02/09 14:49:54 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\AppFramework.dll
[2012/02/09 14:49:54 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
[2012/02/09 14:49:54 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files (x86)\Common Files\FlickrProvider.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/13 12:47:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/13 02:15:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bev\Desktop\OTL.exe
[2013/12/11 21:39:26 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Bev\Desktop\dds.com
[2013/12/11 21:18:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/11 21:15:52 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/11 21:15:52 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/11 21:09:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/11 21:06:07 | 117,628,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/11 20:01:32 | 000,819,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/11 20:01:32 | 000,692,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/11 20:01:32 | 000,137,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/11 19:53:28 | 013,086,648 | ---- | M] (IObit ) -- C:\Users\Bev\Desktop\driverbooster-cnet-setup.exe
[2013/12/11 18:56:12 | 005,153,140 | R--- | M] (Swearware) -- C:\Users\Bev\Desktop\ComboFix.exe
[2013/12/07 09:04:24 | 303,105,017 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/06 16:55:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/06 16:13:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/06 13:09:29 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBev.job
[2013/12/06 00:32:36 | 000,002,177 | ---- | M] () -- C:\Users\Bev\Desktop\HP Support Assistant.lnk
[2013/12/06 00:18:03 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/04 10:58:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/11/28 23:28:33 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/28 23:28:32 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/27 21:36:55 | 000,010,713 | ---- | M] () -- C:\Users\Bev\Desktop\minecraftimages_zps32c22d75.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/13 12:55:54 | 000,377,856 | ---- | C] () -- C:\Users\Bev\Desktop\gmer.exe
[2013/12/11 21:18:40 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/11 19:05:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/11 19:05:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/11 19:05:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/11 19:05:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/11 19:05:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/12/06 17:07:26 | 303,105,017 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/12/06 00:32:36 | 000,002,177 | ---- | C] () -- C:\Users\Bev\Desktop\HP Support Assistant.lnk
[2013/12/04 10:58:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/11/28 23:28:33 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/28 23:28:32 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/27 21:37:40 | 000,010,713 | ---- | C] () -- C:\Users\Bev\Desktop\minecraftimages_zps32c22d75.jpg
[2013/08/05 15:44:39 | 000,002,475 | ---- | C] () -- C:\Users\Bev\AppData\Roaming\SAS7_000.DAT
[2012/02/10 19:12:58 | 000,000,008 | RHS- | C] () -- C:\ProgramData\F081BF6BC0.sys
[2012/02/09 14:49:54 | 000,402,800 | ---- | C] () -- C:\Program Files (x86)\Common Files\facebook.dll
[2012/02/09 14:49:54 | 000,148,177 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2012/02/09 14:49:54 | 000,130,416 | ---- | C] () -- C:\Program Files (x86)\Common Files\PluginCommon.dll
[2012/02/08 22:18:17 | 000,000,066 | ---- | C] () -- C:\Windows\SysWow64\HYSBUAYB.SYS
[2012/02/07 22:14:06 | 000,005,120 | ---- | C] () -- C:\Users\Bev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/07 22:14:01 | 000,005,224 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/07 21:37:59 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012/02/07 19:00:31 | 000,805,630 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/07 18:54:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/27 08:24:39 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\.minecraft
[2012/05/24 20:26:29 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Clockwork Pixels
[2013/02/23 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\dingogames
[2013/08/27 00:23:08 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\FamilyTreeMaker
[2013/04/15 11:08:35 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\IDT
[2012/02/10 19:07:58 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Jasc
[2013/08/03 11:30:46 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Nuance
[2013/10/20 08:19:14 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Oberon Media
[2012/09/04 10:17:26 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Ozzy Bubbles
[2013/08/19 20:03:54 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\SoftGrid Client
[2013/02/22 13:38:17 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Super-Cow
[2012/02/06 17:03:04 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Synaptics
[2012/02/07 19:01:10 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\TP
[2013/07/27 14:49:32 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\TuneUp Software
[2012/02/10 19:16:24 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Ulead Systems
[2012/02/10 16:11:18 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 957 bytes -> C:\Users\Bev\Documents\Your IncrediGames Games Order #108511510.eml:OECustomProperty
@Alternate Data Stream - 380 bytes -> C:\ProgramData\Temp:FEE5129B
@Alternate Data Stream - 368 bytes -> C:\ProgramData\Temp:5D96AD1A
@Alternate Data Stream - 366 bytes -> C:\ProgramData\Temp:0BEC8379
@Alternate Data Stream - 364 bytes -> C:\ProgramData\Temp:A700ABC5
@Alternate Data Stream - 356 bytes -> C:\ProgramData\Temp:A7F5A65E
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:0FF263E8
@Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:3FD02B38
@Alternate Data Stream - 179 bytes -> C:\ProgramData\Temp:100384F2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:B8CD998E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:89477489
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:FBFC061F

< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 - File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Broken Internet access at catalog 000000000006
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found


Above is probably your access problem.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then first do the stuff in the quote box. Otherwise skip to the next step:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


After scannow finishes then do in the same command window:

netsh  winsock  reset  catalog

netsh  int  ipv4  reset  %userprofile%\Desktop\reset4.log 

Reboot and see if things have improved. If not, I need another OTL scan.
  • 0

#3
GoBerserkMode

    Member

  • Topic Starter
  • 40 posts
Hi there! Thank you for taking the time to help me!

I have done all steps in the above post, and things, unfortunately, are still the same... If I go look at my services that are running, DHCP Client is stuck on "starting".

I've attached the junk.txt log.

Attached Files

  • Attached File  junk.txt   73.62KB   121 downloads

  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Does an OTL scan still show the missing files in the O10 section?


Open a Command Window as before and type:

ipconfig  /all  > \junk.txt
net start  >>  \junk.txt


then I need to see the file at c:\junk.txt
  • 0

#5
GoBerserkMode

    Member

  • Topic Starter
  • 40 posts
All 4 of the o10 errors are still there in a new OTL scan.

I've attached junk.txt

In the meantime, I am going to try reinstalling the wireless adapter driver, see if that does anything.

EDIT: I reinstalled both the LAN and Wifi drivers, and still no dice. :(

Attached Files

  • Attached File  junk.txt   3.13KB   132 downloads

Edited by GoBerserkMode, 14 December 2013 - 09:22 PM.

  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Media State . . . . . . . . . . . : Media disconnected

Is there an Ethernet cable plugged in? Generally it is easier to get a wired connection to work.

There is no sign of a wireless adapter in your ipconfig.

I do not see DNS client in the net start list but you do have DHCP Client which has the same dependencies (+ a third). In the Search box, type: services.msc
then hit Enter then find the DNS Client and right click on it and select Properties. It should have Startup Type: Automatic. If not change it and Apply then try to Start the service. Do you get an error?

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

ipconfig /all > \junk.txt
net start dnscache >> \junk.txt
cd \windows\system32 >> \junk.txt
dir /a pnrpnsp.dll >> \junk.txt
dir /a wshbth.dll >> \junk.txt
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2" /s >> \junk.txt

Move c:\junk.txt to the good PC and post it.
  • 0

#7
GoBerserkMode

    Member

  • Topic Starter
  • 40 posts
I now have the ethernet cable plugged in, still no connection, even though it says Local Area Connection is Enabled. Just frustrating because wireless was working before all of this! I ended up copying winsock1 and winsock2 keys from a working win7 machine, and now DHCP Client is no longer stuck on "starting". DNS Client is set to automatic and has no problems starting as well, however still no working connection.
junk.txt is attached.

As a side question, do you think it is malware causing this, or just the aftermath of a virus?

Attached Files

  • Attached File  junk.txt   59.39KB   260 downloads

Edited by GoBerserkMode, 15 December 2013 - 01:39 PM.

  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Sorry for the delay. Had a power outage last night and it took out the bootloader. Took a while to get back on line.

We are making a little progress.

Autoconfiguration IPv4 Address. . : 169.254.50.255(Preferred)


IPCONFIG says the wired is connecting but the above indicates that DHCP is not working since we didn't get a valid IP. We expect to see something like 192.168.0.1 or 192.168.1.1 with most routers. 169.254.x.y is one that Windows makes up when it can't get an IP from the router.

DHCP Client service was working OK. You might try stopping it and restarting it:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

net  stop  dhcp
net  start  dhcp

Do you get any errors? If it starts OK then

Try:

ipconfig  /release
ipconfig  /renew

This will tell it to try and get a new IP assigned via DHCP. Does it get a different IP address? Or does it give you an error?




Is OTL still showing the O10 errors now that you have replaced the winsock registry entries?

I can't be sure from OTL if your PC is infected. Let's try FRST.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. (You need the 64 bit version.) If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0
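
The two things RKinner reads off junk.txt in this thread (a 169.254.x.y autoconfiguration address meaning no DHCP lease, and a service missing from the net start list), written as a small Python triage script. This is an added example, not part of the thread; the sample output is constructed and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: "ipconfig /all" followed by "net start", as written to
# junk.txt by the commands in the thread. Adapter details are invented.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : BEV-HP

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example Ethernet Controller
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.50.255(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected

These Windows services are started:

   DHCP Client
   Windows Event Log

The command completed successfully.
"""

# "Ethernet adapter Local Area Connection:" starts a new adapter section.
ADAPTER_RE = re.compile(r"^(\S.*\badapter\b.*):\s*$")
# "   Key . . . . : value" -> key without the dot leader, raw value.
FIELD_RE = re.compile(r"^\s+(.+?)(?:\s*\.)+\s*:\s*(.*)$")


def parse_report(text):
    """Split the combined output into per-adapter fields and started services.

    services is None when the text holds no "net start" section at all.
    """
    adapters, services = {}, None
    current, in_services = None, False
    for line in text.splitlines():
        if line.startswith("These Windows services are started"):
            services, in_services, current = [], True, None
            continue
        if in_services:
            if line.startswith("The command completed"):
                in_services = False
            elif line.strip():
                services.append(line.strip())
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return adapters, services


def triage(text, required=("DHCP Client", "DNS Client")):
    """Return (source, finding) tuples for the conditions discussed above."""
    adapters, services = parse_report(text)
    findings = []
    for name, fields in adapters.items():
        if fields.get("Media State") == "Media disconnected":
            findings.append((name, "media disconnected"))
            continue
        for key, value in fields.items():
            if "IPv4 Address" not in key:
                continue
            try:
                # Strip the "(Preferred)" suffix before parsing.
                addr = ipaddress.ip_address(value.split("(")[0])
            except ValueError:
                continue  # unparseable value: nothing to conclude
            if addr.is_link_local:  # 169.254.0.0/16, self-assigned by Windows
                findings.append((name, f"APIPA address {addr}: no DHCP lease"))
    if services is not None:
        for svc in required:
            if svc not in services:
                findings.append(("services", f"{svc} not in net start list"))
    return findings


if __name__ == "__main__":
    for source, finding in triage(SAMPLE):
        print(f"{source}: {finding}")
```

A started DHCP Client service alongside an APIPA address, as in the sample, points at the lease exchange itself rather than the service state.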

#9
GoBerserkMode

    Member

  • Topic Starter
  • 40 posts
Well glad you got it back up and running!

Funny thing... Now DHCP service will not start. It gives an error: Windows could not start the DHCP Client service on Local Computer. Error 5: Access is denied.

After net start dhcp,

"A system error has occurred.
System error 5 has occurred.
Access is denied."

- I've attached the updated OTL log. (No O10 errors anymore).
---------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-12-2013 02
Ran by Bev (administrator) on BEV-HP on 16-12-2013 18:09:45
Running from C:\Users\Bev\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Oberon Media ) C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(OldTimer Tools) C:\Users\Bev\Desktop\OTL.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-02-07] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816808 2012-02-07] (Synaptics Incorporated)
HKCU\...\Run: [SearchEngineProtection] - C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2013-10-20] (Oberon Media )
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...aJ6TniAKE_IDQAg
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM - {A00CD85D-EE12-47FB-A27C-F08884C7A662} URL = http://www.amazon.ca...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yah...psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 - {A00CD85D-EE12-47FB-A27C-F08884C7A662} URL = http://www.amazon.ca...s={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yah...psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {0385B9FA-E600-4860-891E-18F96D944BEF} URL = http://websearch.ask...5C-DEB2BA66CBEF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {A00CD85D-EE12-47FB-A27C-F08884C7A662} URL = http://www.amazon.ca...s={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yah...psg&type=HPNTDF
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incre...ox&a=ICfekUprcd
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {F2E3AE61-5971-49D7-83CF-CFB4FEC83D21} URL = http://ca.search.yah...p={SearchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Chrome:
=======
CHR HomePage: hxxp://mystart.incredimail.com/isearch/
CHR RestoreOnStartup: "hxxp://mystart.incredimail.com/isearch/"
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: http://ca.search.yah...p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Bev\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Bev\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.)
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
S2 lltdsvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-10-09] (Adobe Systems Incorporated)
U5 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
U5 btwavdt; C:\Windows\System32\Drivers\btwavdt.sys [178728 2011-06-14] (Broadcom Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-16 18:09 - 2013-12-16 18:09 - 00015748 _____ C:\Users\Bev\Desktop\FRST.txt
2013-12-16 18:09 - 2013-12-16 18:09 - 00000000 ____D C:\FRST
2013-12-16 17:36 - 2013-12-16 17:35 - 01927940 _____ (Farbar) C:\Users\Bev\Desktop\FRST64.exe
2013-12-15 12:30 - 2013-12-15 12:30 - 00000082 _____ C:\junk.txt
2013-12-15 12:29 - 2013-12-15 12:29 - 00000164 _____ C:\Windows\system32\junk.txt
2013-12-15 12:28 - 2013-12-15 12:28 - 00000082 _____ C:\Users\Bev\junk.txt
2013-12-14 23:23 - 2013-12-14 23:23 - 00019602 _____ C:\ComboFix.txt
2013-12-14 20:18 - 2013-12-14 20:18 - 00075552 _____ (Microsoft Corporation) C:\Windows\devconx64.exe
2013-12-14 20:18 - 2013-12-14 20:18 - 00000079 _____ C:\Windows\RunDev.bat
2013-12-14 20:18 - 2013-12-14 20:18 - 00000028 _____ C:\Windows\hphwlist.txt
2013-12-14 20:10 - 2013-12-14 20:10 - 00000000 ____D C:\sp55040
2013-12-14 20:10 - 2011-06-10 14:34 - 00539240 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2013-12-14 20:10 - 2011-06-10 14:34 - 00074272 _____ C:\Windows\system32\RtNicProp64.dll
2013-12-14 19:48 - 2013-12-14 19:48 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-12-14 19:47 - 2013-12-14 19:47 - 00000000 ____D C:\Users\Bev\AppData\Roaming\InstallShield
2013-12-14 18:42 - 2013-12-14 19:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-14 18:42 - 2013-12-14 18:42 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-14 18:42 - 2013-12-14 18:42 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-14 18:41 - 2013-12-14 19:23 - 00000000 ____D C:\Users\Bev\Desktop\mbar
2013-12-14 18:41 - 2013-12-14 18:40 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Bev\Desktop\mbar-1.07.0.1008.exe
2013-12-13 12:55 - 2013-12-13 02:15 - 00602112 _____ (OldTimer Tools) C:\Users\Bev\Desktop\OTL.exe
2013-12-13 12:55 - 2013-04-04 09:55 - 00377856 _____ C:\Users\Bev\Desktop\gmer.exe
2013-12-11 21:57 - 2013-12-11 21:39 - 00688992 ____R (Swearware) C:\Users\Bev\Desktop\dds.com
2013-12-11 21:19 - 2013-12-11 21:19 - 00000000 ____D C:\Users\Bev\AppData\Roaming\Malwarebytes
2013-12-11 21:18 - 2013-12-11 21:18 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-11 21:18 - 2013-12-11 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-11 21:18 - 2013-12-11 21:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-11 21:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-11 19:58 - 2013-12-11 19:53 - 13086648 _____ (IObit ) C:\Users\Bev\Desktop\driverbooster-cnet-setup.exe
2013-12-11 19:05 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-11 19:05 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-11 19:05 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-11 19:05 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-11 19:05 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-11 19:05 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-11 19:05 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-11 19:05 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-11 19:04 - 2013-12-11 18:56 - 05153140 ____R (Swearware) C:\Users\Bev\Desktop\ComboFix.exe
2013-12-11 18:51 - 2013-12-14 23:23 - 00000000 ____D C:\Qoobox
2013-12-11 18:51 - 2013-12-11 21:09 - 00000000 ____D C:\Windows\erdnt
2013-12-07 09:04 - 2013-12-07 09:04 - 00340984 _____ C:\Windows\Minidump\120713-15584-01.dmp
2013-12-06 17:23 - 2013-12-06 17:23 - 00340984 _____ C:\Windows\Minidump\120613-16068-01.dmp
2013-12-06 17:07 - 2013-12-07 09:04 - 303105017 _____ C:\Windows\MEMORY.DMP
2013-12-06 17:07 - 2013-12-07 09:04 - 00000000 ____D C:\Windows\Minidump
2013-12-06 17:07 - 2013-12-06 17:07 - 00345168 _____ C:\Windows\Minidump\120613-15490-01.dmp
2013-12-06 00:32 - 2013-12-06 00:32 - 00002177 _____ C:\Users\Bev\Desktop\HP Support Assistant.lnk
2013-12-06 00:26 - 2013-12-06 00:26 - 00000000 ____D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2013-12-04 10:58 - 2013-12-04 10:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-11-28 23:52 - 2013-12-16 17:37 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{459999AC-7366-4FF9-AACE-0A5D76F75300}
2013-11-28 23:31 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-28 23:28 - 2013-11-28 23:28 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-28 23:28 - 2013-11-28 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-28 23:28 - 2013-11-28 23:28 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-28 23:28 - 2013-11-28 23:28 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-28 23:28 - 2013-11-28 23:28 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-28 23:28 - 2013-11-28 23:28 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-28 23:28 - 2013-11-28 23:28 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-28 23:28 - 2013-11-28 23:28 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-28 23:28 - 2013-11-28 23:28 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-28 23:28 - 2013-11-28 23:28 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-28 23:28 - 2013-11-28 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-28 23:26 - 2013-11-28 23:31 - 00007582 _____ C:\Windows\IE11_main.log
2013-11-28 03:27 - 2013-11-28 03:27 - 00000000 ____D C:\284b150cfa7739fc4a
2013-11-27 16:43 - 2013-10-05 13:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-27 16:43 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-27 16:43 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-27 16:43 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-27 16:43 - 2013-10-03 19:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-27 16:43 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-27 16:43 - 2013-10-03 18:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-27 16:43 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-27 16:43 - 2013-10-02 19:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-27 16:43 - 2013-10-02 19:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-27 16:43 - 2013-09-27 18:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-27 16:43 - 2013-09-24 19:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-27 16:43 - 2013-09-24 19:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-27 16:43 - 2013-09-24 19:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-27 16:43 - 2013-09-24 19:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-27 16:43 - 2013-09-24 19:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-27 16:43 - 2013-09-24 19:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-27 16:43 - 2013-09-24 19:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-27 16:43 - 2013-09-24 19:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-27 16:43 - 2013-09-24 18:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-27 16:43 - 2013-09-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-27 16:43 - 2013-09-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-27 16:43 - 2013-09-24 18:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-27 16:43 - 2013-09-24 18:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-27 16:43 - 2013-07-04 05:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-27 16:42 - 2013-10-11 19:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-27 16:42 - 2013-10-11 19:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-27 16:42 - 2013-10-11 19:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-27 16:42 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-27 16:42 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

==================== One Month Modified Files and Folders =======

2013-12-16 18:09 - 2013-12-16 18:09 - 00015748 _____ C:\Users\Bev\Desktop\FRST.txt
2013-12-16 18:09 - 2013-12-16 18:09 - 00000000 ____D C:\FRST
2013-12-16 18:05 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-16 18:05 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-16 18:00 - 2011-09-30 16:11 - 01281112 _____ C:\Windows\WindowsUpdate.log
2013-12-16 17:59 - 2012-02-06 17:13 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-16 17:59 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-16 17:58 - 2012-02-07 22:44 - 00000000 ____D C:\Users\Bev\AppData\Local\CrashDumps
2013-12-16 17:58 - 2009-07-13 22:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-16 17:39 - 2009-07-13 21:51 - 00055848 _____ C:\Windows\setupact.log
2013-12-16 17:37 - 2013-11-28 23:52 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{459999AC-7366-4FF9-AACE-0A5D76F75300}
2013-12-16 17:37 - 2009-07-13 22:13 - 00819648 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 17:35 - 2013-12-16 17:36 - 01927940 _____ (Farbar) C:\Users\Bev\Desktop\FRST64.exe
2013-12-15 12:33 - 2013-09-28 15:57 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBev
2013-12-15 12:33 - 2013-09-28 15:57 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForBev.job
2013-12-15 12:30 - 2013-12-15 12:30 - 00000082 _____ C:\junk.txt
2013-12-15 12:29 - 2013-12-15 12:29 - 00000164 _____ C:\Windows\system32\junk.txt
2013-12-15 12:28 - 2013-12-15 12:28 - 00000082 _____ C:\Users\Bev\junk.txt
2013-12-15 12:28 - 2012-04-05 10:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-15 12:28 - 2012-02-06 16:57 - 00000000 ____D C:\Users\Bev
2013-12-15 12:13 - 2012-02-06 17:13 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-14 23:36 - 2010-11-20 20:47 - 00170604 _____ C:\Windows\PFRO.log
2013-12-14 23:23 - 2013-12-14 23:23 - 00019602 _____ C:\ComboFix.txt
2013-12-14 23:23 - 2013-12-11 18:51 - 00000000 ____D C:\Qoobox
2013-12-14 23:20 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2013-12-14 21:23 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Registration
2013-12-14 20:18 - 2013-12-14 20:18 - 00075552 _____ (Microsoft Corporation) C:\Windows\devconx64.exe
2013-12-14 20:18 - 2013-12-14 20:18 - 00000079 _____ C:\Windows\RunDev.bat
2013-12-14 20:18 - 2013-12-14 20:18 - 00000028 _____ C:\Windows\hphwlist.txt
2013-12-14 20:10 - 2013-12-14 20:10 - 00000000 ____D C:\sp55040
2013-12-14 20:10 - 2011-09-30 16:19 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-12-14 19:57 - 2011-02-10 12:23 - 00000000 ____D C:\SWSetup
2013-12-14 19:48 - 2013-12-14 19:48 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\th-TH
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sl-SI
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sk-SK
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\ro-RO
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\lv-LV
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\lt-LT
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\hr-HR
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\he-IL
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\et-EE
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\bg-BG
2013-12-14 19:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\ar-SA
2013-12-14 19:47 - 2013-12-14 19:47 - 00000000 ____D C:\Users\Bev\AppData\Roaming\InstallShield
2013-12-14 19:47 - 2011-09-30 16:13 - 00006656 _____ C:\Windows\system32\bcmwlrc.dll
2013-12-14 19:23 - 2013-12-14 18:41 - 00000000 ____D C:\Users\Bev\Desktop\mbar
2013-12-14 19:20 - 2013-12-14 18:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-14 18:42 - 2013-12-14 18:42 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-14 18:42 - 2013-12-14 18:42 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-14 18:40 - 2013-12-14 18:41 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Bev\Desktop\mbar-1.07.0.1008.exe
2013-12-13 02:15 - 2013-12-13 12:55 - 00602112 _____ (OldTimer Tools) C:\Users\Bev\Desktop\OTL.exe
2013-12-11 21:39 - 2013-12-11 21:57 - 00688992 ____R (Swearware) C:\Users\Bev\Desktop\dds.com
2013-12-11 21:19 - 2013-12-11 21:19 - 00000000 ____D C:\Users\Bev\AppData\Roaming\Malwarebytes
2013-12-11 21:18 - 2013-12-11 21:18 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-11 21:18 - 2013-12-11 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-11 21:18 - 2013-12-11 21:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-11 21:09 - 2013-12-11 18:51 - 00000000 ____D C:\Windows\erdnt
2013-12-11 20:14 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Msdtc
2013-12-11 19:53 - 2013-12-11 19:58 - 13086648 _____ (IObit ) C:\Users\Bev\Desktop\driverbooster-cnet-setup.exe
2013-12-11 18:56 - 2013-12-11 19:04 - 05153140 ____R (Swearware) C:\Users\Bev\Desktop\ComboFix.exe
2013-12-07 09:28 - 2013-08-27 23:14 - 00000000 ____D C:\ProgramData\McAfee
2013-12-07 09:04 - 2013-12-07 09:04 - 00340984 _____ C:\Windows\Minidump\120713-15584-01.dmp
2013-12-07 09:04 - 2013-12-06 17:07 - 303105017 _____ C:\Windows\MEMORY.DMP
2013-12-07 09:04 - 2013-12-06 17:07 - 00000000 ____D C:\Windows\Minidump
2013-12-06 17:23 - 2013-12-06 17:23 - 00340984 _____ C:\Windows\Minidump\120613-16068-01.dmp
2013-12-06 17:07 - 2013-12-06 17:07 - 00345168 _____ C:\Windows\Minidump\120613-15490-01.dmp
2013-12-06 00:32 - 2013-12-06 00:32 - 00002177 _____ C:\Users\Bev\Desktop\HP Support Assistant.lnk
2013-12-06 00:32 - 2011-07-21 08:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-06 00:32 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2013-12-06 00:28 - 2011-07-21 07:57 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-06 00:26 - 2013-12-06 00:26 - 00000000 ____D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2013-12-06 00:23 - 2011-07-21 08:09 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-12-04 10:58 - 2013-12-04 10:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-03 19:03 - 2012-02-17 11:12 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-03 19:03 - 2012-02-07 20:18 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-28 23:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-28 23:31 - 2013-11-28 23:26 - 00007582 _____ C:\Windows\IE11_main.log
2013-11-28 23:28 - 2013-11-28 23:28 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-28 23:28 - 2013-11-28 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-28 23:28 - 2013-11-28 23:28 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-28 23:28 - 2013-11-28 23:28 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-28 23:28 - 2013-11-28 23:28 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-28 23:28 - 2013-11-28 23:28 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-28 23:28 - 2013-11-28 23:28 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-28 23:28 - 2013-11-28 23:28 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-28 23:28 - 2013-11-28 23:28 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-28 23:28 - 2013-11-28 23:28 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-28 23:28 - 2013-11-28 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-28 23:28 - 2013-11-28 23:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-28 23:26 - 2009-07-13 19:34 - 00000499 _____ C:\Windows\win.ini
2013-11-28 23:13 - 2013-08-16 20:41 - 00000000 ____D C:\Windows\system32\MRT
2013-11-28 03:27 - 2013-11-28 03:27 - 00000000 ____D C:\284b150cfa7739fc4a
2013-11-28 03:27 - 2012-02-06 18:46 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-27 19:19

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2013 02
Ran by Bev at 2013-12-16 18:10:22
Running from C:\Users\Bev\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Reader X MUI (x32 Version: 10.0.0)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)
Alien Shooter (x32)
Amazing Adventures Riddle of the Two Knights (x32)
AMD APP SDK Runtime (Version: 2.4.650.9)
AMD Fuel (Version: 2011.0705.1115.18310)
AMD Media Foundation Decoders (Version: 1.0.60705.1113)
AMD Steady Video Plug-In (Version: 1.00.0000)
AMD VISION Engine Control Center (x32 Version: 2011.0705.1115.18310)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Big Fish Games: Game Manager (x32 Version: 3.0.1.60)
Blaze Audio Overdub! (x32)
Blaze Audio RipEditBurn PLUS (x32)
Blaze Audio Sound Effects Set 1 (x32)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.100.82.86)
Broadcom Bluetooth Software (Version: 6.5.0.1300)
Broadcom InConcert Maestro (Version: 1.0.1.1300)
Business Contact Manager for Outlook 2003 (x32 Version: 1.0.2002.1)
Canon Inkjet Printer Driver Add-On Module V2.00
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0705.1115.18310)
Catalyst Control Center InstallProxy (x32 Version: 2011.0705.1115.18310)
Catalyst Control Center Localization All (x32 Version: 2011.0705.1115.18310)
CCC Help Chinese Standard (x32 Version: 2011.0705.1114.18310)
CCC Help Chinese Traditional (x32 Version: 2011.0705.1114.18310)
CCC Help Czech (x32 Version: 2011.0705.1114.18310)
CCC Help Danish (x32 Version: 2011.0705.1114.18310)
CCC Help Dutch (x32 Version: 2011.0705.1114.18310)
CCC Help English (x32 Version: 2011.0705.1114.18310)
CCC Help Finnish (x32 Version: 2011.0705.1114.18310)
CCC Help French (x32 Version: 2011.0705.1114.18310)
CCC Help German (x32 Version: 2011.0705.1114.18310)
CCC Help Greek (x32 Version: 2011.0705.1114.18310)
CCC Help Hungarian (x32 Version: 2011.0705.1114.18310)
CCC Help Italian (x32 Version: 2011.0705.1114.18310)
CCC Help Japanese (x32 Version: 2011.0705.1114.18310)
CCC Help Korean (x32 Version: 2011.0705.1114.18310)
CCC Help Norwegian (x32 Version: 2011.0705.1114.18310)
CCC Help Polish (x32 Version: 2011.0705.1114.18310)
CCC Help Portuguese (x32 Version: 2011.0705.1114.18310)
CCC Help Russian (x32 Version: 2011.0705.1114.18310)
CCC Help Spanish (x32 Version: 2011.0705.1114.18310)
CCC Help Swedish (x32 Version: 2011.0705.1114.18310)
CCC Help Thai (x32 Version: 2011.0705.1114.18310)
CCC Help Turkish (x32 Version: 2011.0705.1114.18310)
ccc-utility64 (Version: 2011.0705.1115.18310)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
ContentHD (x32 Version: 1.00.0002)
Contents (x32 Version: 1.6.0.272)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000)
Corel PaintShop Photo Pro X3 (x32 Version: 1.6.1.263)
Corel VideoStudio Pro X3 (x32 Version: 1.6.0.272)
CyberLink YouCam (x32 Version: 3.5.1.4119)
D3DX10 (x32 Version: 15.4.2368.0902)
DeviceIO (x32 Version: 1.6.0.272)
Dragon NaturallySpeaking 12 (x32 Version: 12.00.100)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22)
Family Tree Maker 2012 (x32 Version: 21.0.580)
FrostWire 5.2.11 (x32 Version: 5.2.11.0)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Documentation (x32 Version: 1.1.0.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.7)
HP Quick Launch (x32 Version: 2.7.2)
HP Software Framework (x32 Version: 4.5.10.1)
HP Support Assistant (x32 Version: 7.4.45.4)
ICA (x32 Version: 1.6.0.272)
ICA (x32 Version: 1.6.1.263)
IDT Audio (x32 Version: 1.0.6351.0)
IncrediMail (x32 Version: 6.2.9.5181)
IncrediMail 2.0 (x32 Version: 6.2.9.5181)
IPM_PSP_CL (x32 Version: 1.00.0000)
IPM_PSP_COM (x32 Version: 1.00.0000)
IPM_VS_Pro (x32 Version: 13.0)
iTunes (Version: 11.0.4.4)
Jasc Paint Shop Pro 9 (x32 Version: 9.01.0000)
Java Auto Updater (x32 Version: 2.0.3.1)
Java™ 6 Update 24 (x32 Version: 6.0.240)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
jZip (x32)
Magic Bullet PhotoLooks for PaintShop Photo Pro (x32 Version: 1.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Small Business Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MLE (x32 Version: 1.0.0.18)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
Ozzy Bubbles (x32)
Paint Shop Pro 7 (x32 Version: 7.0.2.0000)
PaintShop Photo Pro X3 Registration Incentive (x32 Version: 1.00.0000)
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
PSPPContent (x32 Version: 1.00.0000)
PSPPRO_DCRAW (x32 Version: 13.0.0)
PureHD (x32 Version: 1.6.0.272)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 7.46.610.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.84)
Recovery Manager (x32 Version: 2.0.0)
Setup (x32 Version: 1.6.0.272)
Setup (x32 Version: 1.6.1.263)
Share (x32 Version: 1.6.0.272)
Share64 (Version: 1.6.0.272)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 5.10 (x32 Version: 5.10.116)
SmartSound Common Data (x32 Version: 1.1.0)
SmartSound Quicktracks 5 (x32 Version: 5.1.5)
Super Jigsaw Americana (x32)
Synaptics TouchPad Driver (Version: 15.3.17.0)
Tasty Planet Back for Seconds (x32)
TonkyPonky (x32)
Toy Defense (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
VIO (x32 Version: 1.6.0.272)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VSClassic (x32 Version: 1.6.0.272)
VSPro (x32 Version: 1.6.0.272)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Encoder 9 Series (x32 Version: 9.00.2980)
Windows Media Encoder 9 Series (x32)

==================== Restore Points =========================

28-10-2013 18:07:13 Scheduled Checkpoint
28-11-2013 10:26:30 Windows Update
29-11-2013 06:20:49 Windows Update
06-12-2013 07:26:39 Installed HP Support Assistant
06-12-2013 07:30:35 Windows Modules Installer
06-12-2013 07:31:37 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-12-11 21:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
Task: {1B4DAAB3-1658-4036-8413-9D4E76BFA794} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
Task: {1DE355E7-DF6E-43AC-9DBE-3606DD115A0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1EAB1079-2E3E-4B99-927D-D99860FC1470} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Task: {28BA09C3-58D9-4AF4-AC28-EC6FEACA0ED6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {50F4EFE1-9E41-45E8-A141-5BD59E81AC8D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {5852A289-BDEE-453C-93AF-D9CB0F56A055} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {65155F67-5402-4724-A139-2EF40DE10B2E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
Task: {6B0F1922-8DA7-442B-B911-B110B72C8D4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06] (Google Inc.)
Task: {77ED3FC0-DEE6-467D-9305-1F016EC899AF} - System32\Tasks\HPCeeScheduleForBev => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {798F7B6E-949C-4B2C-935C-A49E4315DFBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {85A9CFF1-4368-45C2-981B-3E9EC2484CFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06] (Google Inc.)
Task: {917A7CAF-4AFD-451D-B145-89BEED7CAAC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => Rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate
Task: {AE950D77-64CB-4314-8537-0CD4EF3C07FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {B8F12958-ABFF-488C-A650-F2ED86589EC2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\WSCStub.exe
Task: {B9813818-0718-4945-8FD4-AB0BED8C49FE} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {BD6F38BE-8439-4E25-83FF-3C9EB4A9B2EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BF0275FD-E0AB-4052-8F4D-F213F8F470F4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBev.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-02-09 14:49 - 2011-08-04 15:06 - 00139264 _____ () C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll
2011-07-05 11:27 - 2011-07-05 11:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-05 11:13 - 2011-07-05 11:13 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 13:42 - 2011-06-17 13:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0BEC8379
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:100384F2
AlternateDataStreams: C:\ProgramData\Temp:3FD02B38
AlternateDataStreams: C:\ProgramData\Temp:5D96AD1A
AlternateDataStreams: C:\ProgramData\Temp:89477489
AlternateDataStreams: C:\ProgramData\Temp:A700ABC5
AlternateDataStreams: C:\ProgramData\Temp:A7F5A65E
AlternateDataStreams: C:\ProgramData\Temp:B8CD998E
AlternateDataStreams: C:\ProgramData\Temp:FBFC061F
AlternateDataStreams: C:\ProgramData\Temp:FEE5129B
AlternateDataStreams: C:\Users\Bev\Documents\Your IncrediGames Games Order #108511510.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WfpLwf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth Hands-free Audio
Description: Bluetooth Hands-free Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Psched
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: NativeWiFi Filter
Description: NativeWiFi Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NativeWifiP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth Personal Area Network
Description: Bluetooth Personal Area Network
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BTWDPAN
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Broadcom
Service: btwrchid
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2013 05:59:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 05:58:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 2.7.2.0, time stamp: 0x4f544ff4
Faulting module name: HPMSGSVC.exe, version: 2.7.2.0, time stamp: 0x4f544ff4
Exception code: 0xc0000005
Fault offset: 0x0000399f
Faulting process id: 0x850
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3

Error: (12/16/2013 05:58:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPOSD.exe, version: 1.3.5.0, time stamp: 0x4e4e0737
Faulting module name: HPOSD.exe, version: 1.3.5.0, time stamp: 0x4e4e0737
Exception code: 0xc0000005
Fault offset: 0x00005445
Faulting process id: 0x848
Faulting application start time: 0xHPOSD.exe0
Faulting application path: HPOSD.exe1
Faulting module path: HPOSD.exe2
Report Id: HPOSD.exe3

Error: (12/16/2013 05:58:33 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (12/16/2013 05:58:30 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (12/16/2013 05:58:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: rasppp.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c972
Exception code: 0xc000001d
Fault offset: 0x00000000000300e4
Faulting process id: 0x3f4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (12/16/2013 05:40:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 05:39:55 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {fe75e556-723f-4ad9-be02-5d63a2dbf541}

Error: (12/16/2013 05:34:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 05:33:44 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a3688f3b-3c30-4ad6-9301-568af8f481b5}


System errors:
=============
Error: (12/16/2013 06:06:30 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (12/16/2013 06:06:30 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%0

Error: (12/16/2013 06:06:30 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT AUTHORITY)
Description: Error occurred in stopping the Dhcpv4 Client service. Error code is 5. ShutDown Flag value is 0

Error: (12/16/2013 06:06:30 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT AUTHORITY)
Description: An error occurred in initializing DHCPv4. Error Code is 5

Error: (12/16/2013 06:05:01 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (12/16/2013 06:05:01 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT AUTHORITY)
Description: Error occurred in stopping the Dhcpv4 Client service. Error code is 5. ShutDown Flag value is 0

Error: (12/16/2013 06:05:01 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT AUTHORITY)
Description: An error occurred in initializing DHCPv4. Error Code is 5

Error: (12/16/2013 06:01:35 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (12/16/2013 06:01:35 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%0

Error: (12/16/2013 06:01:35 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT AUTHORITY)
Description: Error occurred in stopping the Dhcpv4 Client service. Error code is 5. ShutDown Flag value is 0


Microsoft Office Sessions:
=========================
Error: (12/16/2013 05:59:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 05:58:42 PM) (Source: Application Error)(User: )
Description: HPMSGSVC.exe2.7.2.04f544ff4HPMSGSVC.exe2.7.2.04f544ff4c00000050000399f85001cefac08598154bC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe5eee1974-66b6-11e3-ba04-c770ee9c3883

Error: (12/16/2013 05:58:42 PM) (Source: Application Error)(User: )
Description: HPOSD.exe1.3.5.04e4e0737HPOSD.exe1.3.5.04e4e0737c00000050000544584801cefac0858c2e69C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe5eedf264-66b6-11e3-ba04-c770ee9c3883

Error: (12/16/2013 05:58:33 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (12/16/2013 05:58:30 PM) (Source: Application Error)(User: )
Description: Host Process for Windows Services000000000

Error: (12/16/2013 05:58:30 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1rasppp.dll6.1.7601.175144ce7c972c000001d00000000000300e43f401cefac07bc1574aC:\Windows\system32\svchost.exeC:\Windows\system32\rasppp.dll57da7b35-66b6-11e3-ba04-c770ee9c3883

Error: (12/16/2013 05:40:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 05:39:55 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {fe75e556-723f-4ad9-be02-5d63a2dbf541}

Error: (12/16/2013 05:34:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 05:33:44 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a3688f3b-3c30-4ad6-9301-568af8f481b5}


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 5610.91 MB
Available physical RAM: 4180.63 MB
Total Pagefile: 11219.99 MB
Available Pagefile: 9595.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:576.75 GB) (Free:509.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:15.25 GB) (Free:1.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 8F3D78A5)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=577 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================


#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Don't see any malware - just some adware.

Lots of IP stuff is not working tho:

Name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WfpLwf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

...

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Psched
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: NativeWiFi Filter
Description: NativeWiFi Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NativeWifiP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth Personal Area Network
Description: Bluetooth Personal Area Network
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BTWDPAN
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Broadcom
Service: btwrchid
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.



Make sure when trying to start dhcp that you are using an elevated Command Prompt:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.

If you are using an elevated command prompt then you need to go into the registry:

regedit

and navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp

then right click on dhcp and select Permissions

System and Administrators should have Full Control checked. If not you will need to take ownership and fix it:

http://www.howtogeek...y-in-windows-7/



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • 0
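
The permission check described in the post above can also be done read-only from an elevated PowerShell prompt. This is an added example, not part of the original post or of any tool mentioned in the thread; the function name Test-ServiceKeyAcl is hypothetical, and the SIDs are the well-known ones for SYSTEM and Administrators.

```powershell
# Added example: read-only audit of the registry ACL on the DHCP Client
# service key named in the post. Run elevated; nothing is modified.

# Well-known SIDs, used instead of account names so the check also works
# on non-English Windows installations.
$RequiredSids = @{
    'S-1-5-18'     = 'SYSTEM'
    'S-1-5-32-544' = 'Administrators'
}

# Test-ServiceKeyAcl is a hypothetical helper name chosen for this example.
function Test-ServiceKeyAcl {
    param(
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\services\Dhcp'
    )

    $acl         = Get-Acl -Path $KeyPath
    $full        = [int][System.Security.AccessControl.RegistryRights]::FullControl
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($sid in $RequiredSids.Keys) {
        $mine = @($rules | Where-Object { $_.IdentityReference.Value -eq $sid })

        # An Allow rule counts only if it applies to this key itself
        # (not inherit-only) and carries every FullControl bit.
        $allow = @($mine | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.PropagationFlags) -band $inheritOnly) -eq 0 -and
            (([int]$_.RegistryRights) -band $full) -eq $full
        })
        $deny = @($mine | Where-Object { $_.AccessControlType -eq 'Deny' })

        New-Object PSObject -Property @{
            Principal   = $RequiredSids[$sid]
            Sid         = $sid
            FullControl = ($allow.Count -gt 0)
            DenyEntries = $deny.Count
        }
    }
}

$key = 'HKLM:\SYSTEM\CurrentControlSet\services\Dhcp'

# Owner of the key (taking ownership is only needed if this is unexpected).
'Owner: ' + (Get-Acl -Path $key).Owner

# Summary for the two principals the post says need Full Control.
Test-ServiceKeyAcl -KeyPath $key |
    Format-Table Principal, Sid, FullControl, DenyEntries -AutoSize

# Full rule list, so Deny entries and other accounts are visible as well.
(Get-Acl -Path $key).Access |
    Format-Table IdentityReference, AccessControlType, RegistryRights, IsInherited -AutoSize
```

The full rule list at the end shows entries for accounts other than the two checked by the summary, which the Permissions dialog also displays but which are easy to overlook there.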


#11
GoBerserkMode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
The permissions are set for FULL CONTROL for all user accounts and Administrator, yet I still get the same error.

-------------------------------------------------------------------------------------------

MiniToolBox by Farbar Version: 13-07-2013
Ran by Bev (administrator) on 16-12-2013 at 19:12:13
Running from "C:\Users\Bev\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter = Wireless Network Connection 2 (Connected)
Realtek PCIe FE Family Controller = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Bev-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 78-E3-B5-5C-40-89
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
3...78 e3 b5 5c 40 89 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/16/2013 07:07:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 07:06:39 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {88bedc28-f5d9-42da-a79e-ed568f71d153}

Error: (12/16/2013 06:57:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 06:56:53 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0ed48b3b-eb29-43da-9b86-bcdfefeccd9b}

Error: (12/16/2013 06:25:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17363

Error: (12/16/2013 06:25:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17363

Error: (12/16/2013 06:25:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/16/2013 06:25:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPOSD.exe, version: 1.3.5.0, time stamp: 0x4e4e0737
Faulting module name: HPOSD.exe, version: 1.3.5.0, time stamp: 0x4e4e0737
Exception code: 0xc0000005
Fault offset: 0x00005445
Faulting process id: 0x938
Faulting application start time: 0xHPOSD.exe0
Faulting application path: HPOSD.exe1
Faulting module path: HPOSD.exe2
Report Id: HPOSD.exe3

Error: (12/16/2013 06:25:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 2.7.2.0, time stamp: 0x4f544ff4
Faulting module name: HPMSGSVC.exe, version: 2.7.2.0, time stamp: 0x4f544ff4
Exception code: 0xc0000005
Fault offset: 0x0000399f
Faulting process id: 0x940
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3

Error: (12/16/2013 06:24:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: rastapi.DLL_unloaded, version: 0.0.0.0, time stamp: 0x4a5be041
Exception code: 0xc0000005
Fault offset: 0x000007fee8a600e4
Faulting process id: 0x3c8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (12/16/2013 07:11:48 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (12/16/2013 07:11:48 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%0

Error: (12/16/2013 07:11:48 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT AUTHORITY)
Description: Error occurred in stopping the Dhcpv4 Client service. Error code is 5. ShutDown Flag value is 0

Error: (12/16/2013 07:11:48 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT AUTHORITY)
Description: An error occurred in initializing DHCPv4. Error Code is 5

Error: (12/16/2013 07:10:24 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (12/16/2013 07:10:24 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT AUTHORITY)
Description: Error occurred in stopping the Dhcpv4 Client service. Error code is 5. ShutDown Flag value is 0

Error: (12/16/2013 07:10:24 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT AUTHORITY)
Description: An error occurred in initializing DHCPv4. Error Code is 5

Error: (12/16/2013 07:10:21 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (12/16/2013 07:10:21 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%0

Error: (12/16/2013 07:10:21 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT AUTHORITY)
Description: Error occurred in stopping the Dhcpv4 Client service. Error code is 5. ShutDown Flag value is 0


Microsoft Office Sessions:
=========================
Error: (12/16/2013 07:07:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 07:06:39 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {88bedc28-f5d9-42da-a79e-ed568f71d153}

Error: (12/16/2013 06:57:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 06:56:53 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0ed48b3b-eb29-43da-9b86-bcdfefeccd9b}

Error: (12/16/2013 06:25:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17363

Error: (12/16/2013 06:25:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17363

Error: (12/16/2013 06:25:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/16/2013 06:25:03 PM) (Source: Application Error)(User: )
Description: HPOSD.exe1.3.5.04e4e0737HPOSD.exe1.3.5.04e4e0737c00000050000544593801cefac65f02107bC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe0d1b4577-66ba-11e3-a15c-60d81948d160

Error: (12/16/2013 06:25:03 PM) (Source: Application Error)(User: )
Description: HPMSGSVC.exe2.7.2.04f544ff4HPMSGSVC.exe2.7.2.04f544ff4c00000050000399f94001cefac65f03971bC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe0d1b6c87-66ba-11e3-a15c-60d81948d160

Error: (12/16/2013 06:24:58 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1rastapi.DLL_unloaded0.0.0.04a5be041c0000005000007fee8a600e43c801cefac6564d3589C:\Windows\system32\svchost.exerastapi.DLL0a7356a5-66ba-11e3-a15c-60d81948d160


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader X MUI (Version: 10.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Alien Shooter
Amazing Adventures Riddle of the Two Knights
AMD APP SDK Runtime (Version: 2.4.650.9)
AMD Fuel (Version: 2011.0705.1115.18310)
AMD Media Foundation Decoders (Version: 1.0.60705.1113)
AMD Steady Video Plug-In (Version: 1.00.0000)
AMD VISION Engine Control Center (Version: 2011.0705.1115.18310)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Big Fish Games: Game Manager (Version: 3.0.1.60)
Blaze Audio Overdub!
Blaze Audio RipEditBurn PLUS
Blaze Audio Sound Effects Set 1
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.100.82.86)
Broadcom Bluetooth Software (Version: 6.5.0.1300)
Broadcom InConcert Maestro (Version: 1.0.1.1300)
Business Contact Manager for Outlook 2003 (Version: 1.0.2002.1)
Canon Inkjet Printer Driver Add-On Module V2.00
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0705.1115.18310)
Catalyst Control Center InstallProxy (Version: 2011.0705.1115.18310)
Catalyst Control Center Localization All (Version: 2011.0705.1115.18310)
CCC Help Chinese Standard (Version: 2011.0705.1114.18310)
CCC Help Chinese Traditional (Version: 2011.0705.1114.18310)
CCC Help Czech (Version: 2011.0705.1114.18310)
CCC Help Danish (Version: 2011.0705.1114.18310)
CCC Help Dutch (Version: 2011.0705.1114.18310)
CCC Help English (Version: 2011.0705.1114.18310)
CCC Help Finnish (Version: 2011.0705.1114.18310)
CCC Help French (Version: 2011.0705.1114.18310)
CCC Help German (Version: 2011.0705.1114.18310)
CCC Help Greek (Version: 2011.0705.1114.18310)
CCC Help Hungarian (Version: 2011.0705.1114.18310)
CCC Help Italian (Version: 2011.0705.1114.18310)
CCC Help Japanese (Version: 2011.0705.1114.18310)
CCC Help Korean (Version: 2011.0705.1114.18310)
CCC Help Norwegian (Version: 2011.0705.1114.18310)
CCC Help Polish (Version: 2011.0705.1114.18310)
CCC Help Portuguese (Version: 2011.0705.1114.18310)
CCC Help Russian (Version: 2011.0705.1114.18310)
CCC Help Spanish (Version: 2011.0705.1114.18310)
CCC Help Swedish (Version: 2011.0705.1114.18310)
CCC Help Thai (Version: 2011.0705.1114.18310)
CCC Help Turkish (Version: 2011.0705.1114.18310)
ccc-utility64 (Version: 2011.0705.1115.18310)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
ContentHD (Version: 1.00.0002)
Contents (Version: 1.6.0.272)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
Corel PaintShop Photo Pro X3 (Version: 1.00.0000)
Corel PaintShop Photo Pro X3 (Version: 1.6.1.263)
Corel VideoStudio Pro X3 (Version: 1.6.0.272)
CyberLink YouCam (Version: 3.5.1.4119)
D3DX10 (Version: 15.4.2368.0902)
DeviceIO (Version: 1.6.0.272)
Dragon NaturallySpeaking 12 (Version: 12.00.100)
ESU for Microsoft Windows 7 SP1 (Version: 2.1.1)
Evernote v. 4.2.3 (Version: 4.2.3.22)
Family Tree Maker 2012 (Version: 21.0.580)
FrostWire 5.2.11 (Version: 5.2.11.0)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Documentation (Version: 1.1.0.0)
HP On Screen Display (Version: 1.3.5)
HP Power Manager (Version: 1.4.7)
HP Quick Launch (Version: 2.7.2)
HP Software Framework (Version: 4.5.10.1)
HP Support Assistant (Version: 7.4.45.4)
ICA (Version: 1.6.0.272)
ICA (Version: 1.6.1.263)
IDT Audio (Version: 1.0.6351.0)
IncrediMail (Version: 6.2.9.5181)
IncrediMail 2.0 (Version: 6.2.9.5181)
IPM_PSP_CL (Version: 1.00.0000)
IPM_PSP_COM (Version: 1.00.0000)
IPM_VS_Pro (Version: 13.0)
iTunes (Version: 11.0.4.4)
Jasc Paint Shop Pro 9 (Version: 9.01.0000)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 15.4.3502.0922)
jZip
Magic Bullet PhotoLooks for PaintShop Photo Pro (Version: 1.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Starter 2010 - English (Version: 14.0.5131.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MLE (Version: 1.0.0.18)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Ozzy Bubbles
Paint Shop Pro 7 (Version: 7.0.2.0000)
PaintShop Photo Pro X3 Registration Incentive (Version: 1.00.0000)
Photo Notifier and Animation Creator (Version: 1.0.0.1009)
PlayReady PC Runtime x86 (Version: 1.3.0)
PSPPContent (Version: 1.00.0000)
PSPPRO_DCRAW (Version: 13.0.0)
PureHD (Version: 1.6.0.272)
QuickTime (Version: 7.74.80.86)
Realtek Ethernet Controller Driver (Version: 7.46.610.2011)
Realtek PCIE Card Reader (Version: 6.1.7601.84)
Recovery Manager (Version: 2.0.0)
Setup (Version: 1.6.0.272)
Setup (Version: 1.6.1.263)
Share (Version: 1.6.0.272)
Share64 (Version: 1.6.0.272)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 5.10 (Version: 5.10.116)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.5)
Super Jigsaw Americana
Synaptics TouchPad Driver (Version: 15.3.17.0)
Tasty Planet Back for Seconds
TonkyPonky
Toy Defense
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
VIO (Version: 1.6.0.272)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VSClassic (Version: 1.6.0.272)
VSPro (Version: 1.6.0.272)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)

========================= Devices: ================================

Name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WfpLwf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Psched
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: NativeWiFi Filter
Description: NativeWiFi Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NativeWifiP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 5610.91 MB
Available physical RAM: 4385 MB
Total Pagefile: 11219.99 MB
Available Pagefile: 9723.73 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.29 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:576.75 GB) (Free:509.3 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:15.25 GB) (Free:1.66 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32
5 Drive g: () (Removable) (Total:15.09 GB) (Free:15.09 GB) FAT32

========================= Users: ========================================

User accounts for \\BEV-HP

Administrator ASPNET Bev
Guest

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
  • 0
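The error entries in the log above report "access denied" in several encodings: Win32 error 5 in text, the Service Control Manager's `%%5`, HRESULT 0x80070005 and the WMI code 0x80041003. The following Python is an added example, not part of the original post or of the tool that produced the log; it normalizes those encodings and counts access-denied errors per source, using constructed sample entries in the log's shape and illustrative function names.

```python
import re
from collections import Counter

# Constructed sample: five entries in the shape of the event-log section above.
SAMPLE_LOG = r"""Error: (12/16/2013 07:10:24 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT AUTHORITY)
Description: An error occurred in initializing DHCPv4. Error Code is 5

Error: (12/16/2013 07:10:21 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (12/16/2013 07:07:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 07:06:39 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.

Error: (12/16/2013 06:25:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\)\s*\(Source: (?P<source>[^)]*)\)\s*\(User: (?P<user>[^)]*)\)")
WIN32_TEXT = re.compile(r"Error code is (\d+)", re.IGNORECASE)
WIN32_INSERT = re.compile(r"^%%(\d+)\s*$", re.MULTILINE)  # SCM prints Win32 error N as %%N
HRESULT = re.compile(r"0x([0-9A-Fa-f]{8})")

ERROR_ACCESS_DENIED = 5            # Win32 error code
WBEM_E_ACCESS_DENIED = 0x80041003  # WMI-specific HRESULT


def parse_entries(text):
    """Split the log into entries; an entry ends at the first blank line."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"when": m["when"], "source": m["source"],
                       "user": m["user"].strip(), "body": ""}
            entries.append(current)
        elif not line.strip():
            current = None
        elif current is not None:
            current["body"] += line + "\n"
    return entries


def is_access_denied(body):
    """True if any error code in the entry body decodes to access denied."""
    codes = {int(c) for c in WIN32_TEXT.findall(body)}
    codes |= {int(c) for c in WIN32_INSERT.findall(body)}
    for digits in HRESULT.findall(body):
        value = int(digits, 16)
        if (value >> 16) & 0x1FFF == 7:   # FACILITY_WIN32: low 16 bits hold the Win32 code
            codes.add(value & 0xFFFF)
        elif value == WBEM_E_ACCESS_DENIED:
            codes.add(ERROR_ACCESS_DENIED)
    return ERROR_ACCESS_DENIED in codes


def access_denied_by_source(text):
    """Count access-denied entries per event source."""
    hits = Counter(e["source"] for e in parse_entries(text) if is_access_denied(e["body"]))
    return dict(hits)


if __name__ == "__main__":
    for source, count in access_denied_by_source(SAMPLE_LOG).items():
        print(f"{count:3d}  {source}")
```

Access-denied errors spread across unrelated sources (DHCP, VSS, WMI) point at damaged permissions rather than at one faulty service.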

#12
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
The PC you got the winsock registry files from was a 64 bit, wasn't it?

Download the attached dhcp.reg and save it, then right click on it and Merge, then reboot and see if dhcp will start. It calls dhcpcore.dll so we need to make sure the file is good.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

sfc  /scanfile=c:\windows\system32\dhcpcore.dll

It should say:
Windows Resource Protection did not find any integrity violations.

Then in Windows Explorer, (Right click on Start ball and select Open Windows Explorer) find:

c:\windows\system32\dhcpcore.dll and right click on it and select Properties then Security. Verify that System and Administrator can at least Read and Execute.



Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

Any change with dhcp?
  • 0

#13
GoBerserkMode


    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I think you may have forgotten to attach the dhcp registry key.

Yes the other windows 7 machine is 64-bit. I do not understand why DHCP stopped working... it worked that one time after I put in the winsock1 and winsock2 keys, and now it will not start.

"sfc /scanfile=c:\windows\system32\dhcpcore.dll"
- Said it found no violations.

I located dhcpcore.dll and CHANGED all user accounts and administrator to FULL CONTROL as they were set to read-only before. However, I still get the permissions error when I try to do net start dhcp.

ESET's Service Repair unfortunately had no effect either.

I feel like trying a system restore to the earliest date, but am afraid it will not fix the issue/malware will be present at that time and it will be a repeated cycle... gahhhhh

*EDIT:
DHCP IS NOW WORKING SOMEHOW! I have no idea what got it to work. I added NETWORKSERVICE permissions to many different files/keys I cannot even remember. I have rebooted the machine five times in a row now and can confirm it starts consistently. I am also getting a preferred IP address that does not start with 254. I can ping my router 192.168.0.1. I can also *see* the machine in the DHCP Client list in my router settings.

However, I still cannot ping google.

I've attached a junk.txt with an updated ipconfig /all

Attached Files

  • Attached File  junk.txt   1.15KB   180 downloads

Edited by GoBerserkMode, 17 December 2013 - 12:49 AM.

  • 0

#14
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
oops
  • 0

#15
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Looks like DHCP is working. I don't think your DNS is working, at least it doesn't work for me.


From an admin Command Prompt:

tracert  -d  8.8.8.8

Does this finish with: Trace Complete or do you just get a bunch of lines with * * *?

If it works (Trace Complete) then change the DNS to 8.8.8.8 and 4.2.2.1

Control Panel, Network and Sharing Center, Local Area Connection 2, Properties, Internet Protocol Version 4 (TCP/IPv4), Properties then make it look like the picture:



Now go back to the Command Prompt and look at ipconfig /all and make sure it now shows 8.8.8.8 and 4.2.2.1 for DNS. Test it with:

nslookup geekstogo.com

You should get:


Non-authoritative answer:
Name: geekstogo.com
Addresses: 108.162.196.137
108.162.197.137

If it is working, you should be able to get online with a browser now. If it just times out then it is not working.
  • 0
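The checks in the last few posts (a real DHCP lease rather than a 169.254 address, a default gateway, and the DNS servers 8.8.8.8 and 4.2.2.1 showing in `ipconfig /all`) can be read off the command's output mechanically. The following Python is an added example, not part of the thread; the `ipconfig /all` excerpts are constructed (only the router address and DNS servers come from the posts) and the function names are illustrative.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpts; 192.168.0.12 and 169.254.17.42 are made up.
AFTER_FIX = """\
Ethernet adapter Local Area Connection 2:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       4.2.2.1
"""
NO_LEASE = """\
Ethernet adapter Local Area Connection 2:

   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.17.42(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

# Field lines are indented exactly three spaces: "   Key . . . : value".
# Deeper-indented lines continue the previous field (e.g. a second DNS server).
FIELD = re.compile(r"^ {3}(?P<key>[^\s:][^:]*?)[ .]*:\s?(?P<value>.*)$")


def parse_adapter(text):
    """Return {field name: [values]} for one adapter block."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m["key"]
            value = m["value"].strip()
            fields[last] = [value] if value else []
        elif last and line.startswith(" " * 4) and line.strip():
            fields[last].append(line.strip())
    return fields


def diagnose(text, expected_dns=("8.8.8.8", "4.2.2.1")):
    """Name the first layer that looks wrong: address, gateway, then DNS settings."""
    f = parse_adapter(text)
    addrs = f.get("IPv4 Address", []) + f.get("Autoconfiguration IPv4 Address", [])
    if not addrs:
        return "no IPv4 address"
    ip = ipaddress.ip_address(addrs[0].split("(")[0])  # drop "(Preferred)"
    if ip.is_link_local:                               # 169.254.0.0/16
        return "no DHCP lease (APIPA address)"
    if not f.get("Default Gateway"):
        return "no default gateway"
    dns = f.get("DNS Servers", [])
    if dns != list(expected_dns):
        return "DNS servers not as configured: " + ", ".join(dns)
    return "addressing ok, DNS servers as configured"


if __name__ == "__main__":
    print(diagnose(NO_LEASE))
    print(diagnose(AFTER_FIX))
```

This only confirms what the adapter is configured to use; whether those DNS servers actually answer is what the `nslookup` test above establishes.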





