Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please Help! Virus (Possible rootkit) - No internet access!


  • Please log in to reply

#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Looks like you have both Wired and wireless active. Disable the wireless until we get this sorted out.

Start, right click on Computer and select Manage then Device Manager theView, Show Hidden Devices. Look in the right pane and find everything with a yellow flag. Right click on it and uninstall. Then clear the alarms again:
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot and run minitoolkit as before and post the log.
  • 0

Advertisements


#32
GoBerserkMode

GoBerserkMode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Some of the Yellow flagged devices would not uninstall, they are still present (The ones starting with WAN), so i just disabled them, along with my wireless device... even though I thought I had it disabled already (It will not look for access points).


MiniToolBox by Farbar Version: 13-07-2013
Ran by Bev (administrator) on 17-12-2013 at 20:42:50
Running from "C:\Users\Bev\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection 2 (Connected)
Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter = Wireless Network Connection 2 (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Bev-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 78-E3-B5-5C-40-89
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.124(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : December-17-13 8:41:12 PM
Lease Expires . . . . . . . . . . : December-18-13 8:41:12 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 8.8.8.8
4.2.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: google.com
Addresses: 2607:f8b0:4009:804::1007
173.194.46.41
173.194.46.38
173.194.46.39
173.194.46.35
173.194.46.34
173.194.46.46
173.194.46.40
173.194.46.37
173.194.46.33
173.194.46.32
173.194.46.36

Ping request could not find host google.com. Please check the name and try again.
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
5...78 e3 b5 5c 40 89 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.124 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.124 276
192.168.0.124 255.255.255.255 On-link 192.168.0.124 276
192.168.0.255 255.255.255.255 On-link 192.168.0.124 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.124 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.124 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/17/2013 08:42:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2013 08:41:15 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {984d7c9e-d1b4-4bfa-8b15-aeb5ff8b8b1d}


System errors:
=============
Error: (12/17/2013 08:42:11 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023821.

Error: (12/17/2013 08:42:11 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends the following service: netprofm. This service might not be installed.

Error: (12/17/2013 08:42:10 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Psched
WfpLwf

Error: (12/17/2013 08:42:10 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft iSCSI Initiator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (12/17/2013 08:42:11 PM) (Source: DCOM) (User: )
Description: 1075HomeGroupProvider{6F7C8E8F-DC69-4E3F-BC05-439962A05FD5}

Error: (12/17/2013 08:42:08 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Auto Connection Manager service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1068

Error: (12/17/2013 08:42:07 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error:
%%0

Error: (12/17/2013 08:42:07 PM) (Source: Service Control Manager) (User: )
Description: The Network Access Protection Agent service terminated with the following error:
%%2

Error: (12/17/2013 08:42:07 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic System Host service terminated with the following error:
%%1052

Error: (12/17/2013 08:42:07 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Service Host service terminated with the following error:
%%1052


Microsoft Office Sessions:
=========================
Error: (12/17/2013 08:42:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2013 08:41:15 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {984d7c9e-d1b4-4bfa-8b15-aeb5ff8b8b1d}


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader X MUI (Version: 10.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Alien Shooter
Amazing Adventures Riddle of the Two Knights
AMD APP SDK Runtime (Version: 2.4.650.9)
AMD Fuel (Version: 2011.0705.1115.18310)
AMD Media Foundation Decoders (Version: 1.0.60705.1113)
AMD Steady Video Plug-In (Version: 1.00.0000)
AMD VISION Engine Control Center (Version: 2011.0705.1115.18310)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Big Fish Games: Game Manager (Version: 3.0.1.60)
Blaze Audio Overdub!
Blaze Audio Sound Effects Set 1
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.100.82.140)
Broadcom Bluetooth Software (Version: 6.5.0.1300)
Broadcom InConcert Maestro (Version: 1.0.1.1300)
Business Contact Manager for Outlook 2003 (Version: 1.0.2002.1)
Canon Inkjet Printer Driver Add-On Module V2.00
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0705.1115.18310)
Catalyst Control Center InstallProxy (Version: 2011.0705.1115.18310)
Catalyst Control Center Localization All (Version: 2011.0705.1115.18310)
CCC Help Chinese Standard (Version: 2011.0705.1114.18310)
CCC Help Chinese Traditional (Version: 2011.0705.1114.18310)
CCC Help Czech (Version: 2011.0705.1114.18310)
CCC Help Danish (Version: 2011.0705.1114.18310)
CCC Help Dutch (Version: 2011.0705.1114.18310)
CCC Help English (Version: 2011.0705.1114.18310)
CCC Help Finnish (Version: 2011.0705.1114.18310)
CCC Help French (Version: 2011.0705.1114.18310)
CCC Help German (Version: 2011.0705.1114.18310)
CCC Help Greek (Version: 2011.0705.1114.18310)
CCC Help Hungarian (Version: 2011.0705.1114.18310)
CCC Help Italian (Version: 2011.0705.1114.18310)
CCC Help Japanese (Version: 2011.0705.1114.18310)
CCC Help Korean (Version: 2011.0705.1114.18310)
CCC Help Norwegian (Version: 2011.0705.1114.18310)
CCC Help Polish (Version: 2011.0705.1114.18310)
CCC Help Portuguese (Version: 2011.0705.1114.18310)
CCC Help Russian (Version: 2011.0705.1114.18310)
CCC Help Spanish (Version: 2011.0705.1114.18310)
CCC Help Swedish (Version: 2011.0705.1114.18310)
CCC Help Thai (Version: 2011.0705.1114.18310)
CCC Help Turkish (Version: 2011.0705.1114.18310)
ccc-utility64 (Version: 2011.0705.1115.18310)
ContentHD (Version: 1.00.0002)
Contents (Version: 1.6.0.272)
Contrôle ActiveX Windows Live Mesh pour connexions ŕ distance (Version: 15.4.5722.2)
Corel PaintShop Photo Pro X3 (Version: 1.00.0000)
Corel PaintShop Photo Pro X3 (Version: 1.6.1.263)
Corel VideoStudio Pro X3 (Version: 1.6.0.272)
CyberLink YouCam (Version: 3.5.1.4119)
D3DX10 (Version: 15.4.2368.0902)
DeviceIO (Version: 1.6.0.272)
Dragon NaturallySpeaking 12 (Version: 12.00.100)
ESU for Microsoft Windows 7 SP1 (Version: 2.1.1)
Evernote v. 4.2.3 (Version: 4.2.3.22)
Family Tree Maker 2012 (Version: 21.0.580)
FrostWire 5.2.11 (Version: 5.2.11.0)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Documentation (Version: 1.1.0.0)
HP On Screen Display (Version: 1.3.5)
HP Power Manager (Version: 1.4.7)
HP Quick Launch (Version: 2.7.2)
HP Software Framework (Version: 4.5.10.1)
HP Support Assistant (Version: 7.4.45.4)
ICA (Version: 1.6.0.272)
ICA (Version: 1.6.1.263)
IDT Audio (Version: 1.0.6351.0)
IncrediMail (Version: 6.2.9.5181)
IncrediMail 2.0 (Version: 6.2.9.5181)
IPM_PSP_CL (Version: 1.00.0000)
IPM_PSP_COM (Version: 1.00.0000)
IPM_VS_Pro (Version: 13.0)
iTunes (Version: 11.0.4.4)
Jasc Paint Shop Pro 9 (Version: 9.01.0000)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 15.4.3502.0922)
Magic Bullet PhotoLooks for PaintShop Photo Pro (Version: 1.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Starter 2010 - English (Version: 14.0.5131.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MLE (Version: 1.0.0.18)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Ozzy Bubbles
Paint Shop Pro 7 (Version: 7.0.2.0000)
PaintShop Photo Pro X3 Registration Incentive (Version: 1.00.0000)
Photo Notifier and Animation Creator (Version: 1.0.0.1009)
PlayReady PC Runtime x86 (Version: 1.3.0)
PSPPContent (Version: 1.00.0000)
PSPPRO_DCRAW (Version: 13.0.0)
PureHD (Version: 1.6.0.272)
QuickTime (Version: 7.74.80.86)
Realtek Ethernet Controller Driver (Version: 7.46.610.2011)
Realtek PCIE Card Reader (Version: 6.1.7601.84)
Recovery Manager (Version: 2.0.0)
Setup (Version: 1.6.0.272)
Setup (Version: 1.6.1.263)
Share (Version: 1.6.0.272)
Share64 (Version: 1.6.0.272)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 5.10 (Version: 5.10.116)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.5)
Super Jigsaw Americana
Synaptics TouchPad Driver (Version: 15.3.17.0)
Tasty Planet Back for Seconds
TonkyPonky
Toy Defense
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
VIO (Version: 1.6.0.272)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VSClassic (Version: 1.6.0.272)
VSPro (Version: 1.6.0.272)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)

========================= Devices: ================================

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter
Description: Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Psched
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 5610.91 MB
Available physical RAM: 4403.71 MB
Total Pagefile: 11219.99 MB
Available Pagefile: 9799.29 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.32 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:576.75 GB) (Free:508.88 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:15.25 GB) (Free:1.66 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32
5 Drive g: (USB DRIVE) (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT

========================= Users: ========================================

User accounts for \\BEV-HP

Administrator ASPNET Bev
Guest

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Re-enable anything you disabled. The idea was to uninstall them so Windows would reinstall.

While there look for

Psched
WfpLwf

See if you can find what drivers they are calling or what errors they are complaining about.

In the search box type: services.msc and hit Enter. This should bring up the Services Window. Look for:

Network Access Protection (NAP) agent => right click on it and select Properties then change the Startup type to Manual OK.

See if you can find one called QOS something and do the same to it.

Then clear the alarms and reboot and run minitoolbox again.
  • 0

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Found

Psched
WfpLwf

They are in the non plug and play area.

Psched is called QOS Packet Scheduler and uses c:\windows\system32\drivers\psched.sys

WfpLwf is called WFP LightweightFilter and uses c:\windows\system32\drivers\WfpLwf.sys

Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

c:\windows\system32\drivers\psched.sys
c:\windows\system32\drivers\WfpLwf.sys

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.
  • 0

#35
GoBerserkMode

GoBerserkMode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Changed NAP to manual.
Could not find the QOS service.

Looks like I do not have Psched or WfpLwf on my pc....

GrantPerms by Farbar
Ran by Bev (administrator) at 2013-12-18 12:21:09

===============================================
ERROR: Parsing the SD of <\\?\c:\windows\system32\drivers\psched.sys> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\windows\system32\drivers\WfpLwf.sys> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
  • 0

#36
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I've got one of them on my pc. Download, save and right click and Extract All then copy the wfplwf.sys file to c:\windows\system32\drivers

We can let OTL look for a copy of the other one:


Copy the text in the code box:

/md5start
psched.sys
WfpLwf.sys
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Got to run in to town for an hour or so.
  • 0

#38
GoBerserkMode

GoBerserkMode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I've been busy, this time of year is crazy, finally got back to this...

So when I go into my system32/drivers folder, I can physically see WfpLwf.sys

Yet, the GrantPermissions program cannot see it?

Also, when I try to delete it (I made a copy first), error says I do not have permission from TrustedInstaller to delete the file.

OTL logfile created on: 12/19/2013 8:49:23 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bev\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.48 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 78.13% Memory free
10.96 Gb Paging File | 9.49 Gb Available in Paging File | 86.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.75 Gb Total Space | 508.87 Gb Free Space | 88.23% Space Free | Partition Type: NTFS
Drive D: | 15.25 Gb Total Space | 1.66 Gb Free Space | 10.91% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 3.95 Gb Free Space | 99.75% Space Free | Partition Type: FAT32
Drive G: | 976.11 Mb Total Space | 976.08 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: BEV-HP | User Name: Bev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/13 02:15:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bev\Desktop\OTL.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/07/18 21:07:06 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/15 17:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/28 23:28:32 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/07 21:38:59 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/09/15 18:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/05 11:27:04 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/16 18:57:44 | 001,083,680 | ---- | M] (Broadcom Corporation.) [On_Demand | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/02/16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (lltdsvc)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/18 21:07:06 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/02/07 21:36:38 | 002,424,424 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/07 21:38:59 | 000,528,896 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/02/07 21:37:54 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/02/07 21:36:38 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/09/15 18:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/15 17:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/21 07:40:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/21 07:40:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/16 03:26:14 | 000,133,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011/06/14 18:44:56 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/06/14 18:44:46 | 000,165,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/06/14 18:44:40 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/06/10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/21 11:19:42 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/21 00:49:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/04/16 03:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 03:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/03/30 15:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/02/14 02:17:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/16 12:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/31 12:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/17 18:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {49B604D7-45B8-4E5E-A635-FB4AE9A4A29E}
IE - HKCU\..\SearchScopes\{49B604D7-45B8-4E5E-A635-FB4AE9A4A29E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/07/18 20:54:16 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Dragon NaturallySpeaking Rich Internet Application Support = C:\Users\Bev\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0\

O1 HOSTS File: ([2013/12/11 21:09:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.153.176.1 75.153.176.9 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2010E7C-2D85-4701-AFDB-40A3D8E8AAC4}: DhcpNameServer = 75.153.176.1 75.153.176.9 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2010E7C-2D85-4701-AFDB-40A3D8E8AAC4}: NameServer = 8.8.8.8,4.2.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/19 20:43:00 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Users\Bev\Desktop\wfplwf.sys
[2013/12/17 12:53:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/17 12:48:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/17 12:48:07 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Bev\Desktop\JRT.exe
[2013/12/17 00:36:49 | 000,539,240 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/12/17 00:32:54 | 037,013,400 | ---- | C] (Hewlett-Packard Company ) -- C:\Users\Bev\Desktop\sp57965.exe
[2013/12/17 00:32:54 | 006,038,592 | ---- | C] (Hewlett-Packard ) -- C:\Users\Bev\Desktop\sp55040.exe
[2013/12/16 19:11:27 | 000,760,937 | ---- | C] (Farbar) -- C:\Users\Bev\Desktop\MiniToolBox.exe
[2013/12/16 18:09:31 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/16 17:36:34 | 001,927,940 | ---- | C] (Farbar) -- C:\Users\Bev\Desktop\FRST64.exe
[2013/12/14 23:23:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/14 23:23:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/12/14 20:18:44 | 000,075,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\devconx64.exe
[2013/12/14 20:10:12 | 000,000,000 | ---D | C] -- C:\sp55040
[2013/12/14 19:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013/12/14 19:47:35 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Roaming\InstallShield
[2013/12/14 18:42:22 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013/12/14 18:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/12/14 18:42:01 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/12/14 18:41:59 | 000,000,000 | ---D | C] -- C:\Users\Bev\Desktop\mbar
[2013/12/14 18:41:49 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Bev\Desktop\mbar-1.07.0.1008.exe
[2013/12/13 12:55:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bev\Desktop\OTL.exe
[2013/12/11 21:57:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Bev\Desktop\dds.com
[2013/12/11 21:19:02 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Roaming\Malwarebytes
[2013/12/11 21:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/11 21:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/11 21:18:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/11 21:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/11 21:17:43 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Local\Programs
[2013/12/11 19:58:09 | 013,086,648 | ---- | C] (IObit ) -- C:\Users\Bev\Desktop\driverbooster-cnet-setup.exe
[2013/12/11 19:05:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/11 19:05:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/11 19:05:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/11 19:04:40 | 005,153,140 | R--- | C] (Swearware) -- C:\Users\Bev\Desktop\ComboFix.exe
[2013/12/11 18:51:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/11 18:51:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/12/06 17:07:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/12/06 00:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2013/11/28 23:31:49 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/28 23:28:45 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/28 23:28:45 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/28 23:28:33 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/28 23:28:33 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/28 23:28:33 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/28 23:28:33 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/28 23:28:33 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/28 23:28:33 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/28 23:28:33 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/28 23:28:33 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/28 23:28:33 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/28 23:28:33 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/28 23:28:33 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/28 23:28:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/28 23:28:33 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/28 23:28:33 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/28 23:28:33 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/28 23:28:33 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/28 23:28:33 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/28 23:28:33 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/28 23:28:33 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/28 23:28:33 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/28 23:28:33 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/28 23:28:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/28 23:28:33 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/28 23:28:33 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/28 23:28:33 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/28 23:28:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/28 23:28:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/28 23:28:33 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/28 23:28:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/28 23:28:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/28 23:28:33 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/28 23:28:33 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/28 23:28:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/28 23:28:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/28 23:28:32 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/28 23:28:32 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/28 23:28:32 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/28 23:28:32 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/28 23:28:32 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/28 23:28:32 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/28 23:28:32 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/28 23:28:32 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/28 23:28:32 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/28 23:28:32 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/28 23:28:32 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/28 23:28:32 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/28 23:28:32 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/28 23:28:32 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/28 23:28:32 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/28 23:28:32 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/28 23:28:32 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/28 23:28:32 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/28 23:28:32 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/28 23:28:32 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/28 23:28:32 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/28 23:28:32 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/28 23:28:32 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/28 23:28:32 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/28 23:28:32 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/28 23:28:32 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/28 23:28:32 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/28 23:28:32 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/28 23:28:32 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/28 23:28:32 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/28 23:28:32 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/28 23:28:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/28 23:28:32 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/28 23:28:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/28 23:28:32 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/28 23:28:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/28 23:28:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/28 23:28:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/28 23:28:32 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/28 23:28:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/28 23:28:32 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/28 23:28:32 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/28 23:28:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/28 23:28:32 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/28 03:27:40 | 000,000,000 | ---D | C] -- C:\284b150cfa7739fc4a
[2013/11/27 16:43:54 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/27 16:43:27 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/27 16:43:26 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/27 16:43:25 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/27 16:43:25 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/27 16:43:24 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/27 16:43:09 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/27 16:43:03 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/27 16:43:01 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/27 16:43:00 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/27 16:43:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/27 16:43:00 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/27 16:42:49 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/27 16:42:49 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/27 16:42:49 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/27 16:42:49 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2012/02/09 14:49:54 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\AppFramework.dll
[2012/02/09 14:49:54 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
[2012/02/09 14:49:54 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files (x86)\Common Files\FlickrProvider.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/19 20:47:43 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/19 20:47:43 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/19 20:43:59 | 000,819,712 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/19 20:43:59 | 000,692,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/19 20:43:59 | 000,137,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/19 20:38:57 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/19 20:38:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/19 20:38:45 | 117,628,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/18 12:14:38 | 001,049,012 | ---- | M] () -- C:\Windows\SysNative\oem7.inf
[2013/12/18 12:14:09 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/17 18:42:12 | 000,061,440 | ---- | M] ( ) -- C:\Users\Bev\Desktop\VEW.exe
[2013/12/17 12:46:54 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Bev\Desktop\JRT.exe
[2013/12/17 12:46:52 | 001,226,750 | ---- | M] () -- C:\Users\Bev\Desktop\AdwCleaner.exe
[2013/12/17 00:40:17 | 000,000,017 | ---- | M] () -- C:\Users\Bev\AppData\Local\resmon.resmoncfg
[2013/12/17 00:36:54 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2013/12/17 00:31:10 | 037,013,400 | ---- | M] (Hewlett-Packard Company ) -- C:\Users\Bev\Desktop\sp57965.exe
[2013/12/17 00:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/17 00:24:04 | 006,038,592 | ---- | M] (Hewlett-Packard ) -- C:\Users\Bev\Desktop\sp55040.exe
[2013/12/17 00:00:15 | 000,026,406 | ---- | M] () -- C:\Users\Bev\Desktop\regold.reg
[2013/12/16 23:51:58 | 000,026,530 | ---- | M] () -- C:\Users\Bev\Desktop\dhcp.reg
[2013/12/16 22:41:38 | 004,009,167 | ---- | M] () -- C:\Users\Bev\Desktop\ServicesRepair.exe
[2013/12/16 18:55:28 | 000,760,937 | ---- | M] (Farbar) -- C:\Users\Bev\Desktop\MiniToolBox.exe
[2013/12/16 17:35:52 | 001,927,940 | ---- | M] (Farbar) -- C:\Users\Bev\Desktop\FRST64.exe
[2013/12/15 12:33:04 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBev.job
[2013/12/14 20:18:53 | 000,000,079 | ---- | M] () -- C:\Windows\RunDev.bat
[2013/12/14 20:18:44 | 000,075,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\devconx64.exe
[2013/12/14 18:42:22 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013/12/14 18:42:01 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/12/14 18:40:20 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Bev\Desktop\mbar-1.07.0.1008.exe
[2013/12/13 02:15:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bev\Desktop\OTL.exe
[2013/12/11 21:39:26 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Bev\Desktop\dds.com
[2013/12/11 21:18:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/11 21:09:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/11 19:53:28 | 013,086,648 | ---- | M] (IObit ) -- C:\Users\Bev\Desktop\driverbooster-cnet-setup.exe
[2013/12/11 18:56:12 | 005,153,140 | R--- | M] (Swearware) -- C:\Users\Bev\Desktop\ComboFix.exe
[2013/12/07 09:04:24 | 303,105,017 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/06 00:32:36 | 000,002,177 | ---- | M] () -- C:\Users\Bev\Desktop\HP Support Assistant.lnk
[2013/12/04 10:58:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/11/28 23:28:45 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/28 23:28:45 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/28 23:28:33 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/28 23:28:33 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/28 23:28:33 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/28 23:28:33 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/28 23:28:33 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/28 23:28:33 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/28 23:28:33 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/28 23:28:33 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/28 23:28:33 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/28 23:28:33 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/28 23:28:33 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/28 23:28:33 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/28 23:28:33 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/28 23:28:33 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/28 23:28:33 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/28 23:28:33 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/28 23:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/28 23:28:33 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/28 23:28:33 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/28 23:28:33 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/28 23:28:33 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/28 23:28:33 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/28 23:28:33 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/28 23:28:33 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/28 23:28:33 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/28 23:28:33 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/28 23:28:33 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/28 23:28:33 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/28 23:28:33 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/28 23:28:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/28 23:28:33 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/28 23:28:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/28 23:28:33 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/28 23:28:33 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/28 23:28:33 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/28 23:28:32 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/28 23:28:32 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/28 23:28:32 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/28 23:28:32 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/28 23:28:32 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/28 23:28:32 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/28 23:28:32 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/28 23:28:32 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/28 23:28:32 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/28 23:28:32 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/28 23:28:32 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/28 23:28:32 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/28 23:28:32 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/28 23:28:32 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/28 23:28:32 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/28 23:28:32 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/28 23:28:32 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/28 23:28:32 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/28 23:28:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/28 23:28:32 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/28 23:28:32 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/28 23:28:32 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/28 23:28:32 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/28 23:28:32 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/28 23:28:32 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/28 23:28:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/28 23:28:32 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/28 23:28:32 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/28 23:28:32 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/28 23:28:32 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/28 23:28:32 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/28 23:28:32 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/28 23:28:32 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/28 23:28:32 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/28 23:28:32 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/28 23:28:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/28 23:28:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/28 23:28:32 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/28 23:28:32 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/28 23:28:32 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/28 23:28:32 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/28 23:28:32 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/28 23:28:32 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/28 23:28:32 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/28 23:28:32 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/27 21:36:55 | 000,010,713 | ---- | M] () -- C:\Users\Bev\Desktop\minecraftimages_zps32c22d75.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/18 12:14:56 | 000,459,114 | ---- | C] () -- C:\Users\Bev\Desktop\GrantPerms.exe
[2013/12/17 18:43:30 | 000,061,440 | ---- | C] ( ) -- C:\Users\Bev\Desktop\VEW.exe
[2013/12/17 12:48:07 | 001,226,750 | ---- | C] () -- C:\Users\Bev\Desktop\AdwCleaner.exe
[2013/12/17 00:40:17 | 000,000,017 | ---- | C] () -- C:\Users\Bev\AppData\Local\resmon.resmoncfg
[2013/12/17 00:36:49 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013/12/17 00:00:15 | 000,026,406 | ---- | C] () -- C:\Users\Bev\Desktop\regold.reg
[2013/12/16 23:52:55 | 000,026,530 | ---- | C] () -- C:\Users\Bev\Desktop\dhcp.reg
[2013/12/16 22:44:40 | 004,009,167 | ---- | C] () -- C:\Users\Bev\Desktop\ServicesRepair.exe
[2013/12/14 20:18:45 | 000,000,079 | ---- | C] () -- C:\Windows\RunDev.bat
[2013/12/14 19:41:05 | 001,049,012 | ---- | C] () -- C:\Windows\SysNative\oem7.inf
[2013/12/13 12:55:54 | 000,377,856 | ---- | C] () -- C:\Users\Bev\Desktop\gmer.exe
[2013/12/11 21:18:40 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/11 19:05:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/11 19:05:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/11 19:05:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/11 19:05:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/11 19:05:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/12/06 17:07:26 | 303,105,017 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/12/06 00:32:36 | 000,002,177 | ---- | C] () -- C:\Users\Bev\Desktop\HP Support Assistant.lnk
[2013/12/04 10:58:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/11/28 23:28:33 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/28 23:28:32 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/27 21:37:40 | 000,010,713 | ---- | C] () -- C:\Users\Bev\Desktop\minecraftimages_zps32c22d75.jpg
[2013/08/05 15:44:39 | 000,002,475 | ---- | C] () -- C:\Users\Bev\AppData\Roaming\SAS7_000.DAT
[2012/02/10 19:12:58 | 000,000,008 | RHS- | C] () -- C:\ProgramData\F081BF6BC0.sys
[2012/02/09 14:49:54 | 000,402,800 | ---- | C] () -- C:\Program Files (x86)\Common Files\facebook.dll
[2012/02/09 14:49:54 | 000,148,177 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2012/02/09 14:49:54 | 000,130,416 | ---- | C] () -- C:\Program Files (x86)\Common Files\PluginCommon.dll
[2012/02/08 22:18:17 | 000,000,066 | ---- | C] () -- C:\Windows\SysWow64\HYSBUAYB.SYS
[2012/02/07 22:14:06 | 000,005,120 | ---- | C] () -- C:\Users\Bev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/07 22:14:01 | 000,005,224 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/07 21:37:59 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012/02/07 19:00:31 | 000,805,630 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/07 18:54:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: MSWSOCK.DLL >
[2010/11/20 20:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2013/09/06 19:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[2010/11/20 20:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2013/09/07 19:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\erdnt\cache64\mswsock.dll
[2013/09/07 19:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
[2013/09/07 19:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
[2013/09/06 19:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
[2013/09/07 19:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\erdnt\cache86\mswsock.dll
[2013/09/07 19:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
[2013/09/07 19:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2012/01/13 00:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 00:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 20:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 09:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 20:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 10:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 10:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2012/10/03 10:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: WFPLWF.SYS >
[2009/07/13 16:09:28 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=611B23304BF067451A9FDEE01FBDD725 -- C:\Users\Bev\Desktop\wfplwf.sys
[2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=611B23304BF067451A9FDEE01FBDD725 -- C:\Windows\SysNative\drivers\wfplwf.sys
[2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=611B23304BF067451A9FDEE01FBDD725 -- C:\Windows\winsxs\amd64_microsoft-windows-wfplwf_31bf3856ad364e35_6.1.7600.16385_none_581185b3683f7a8f\wfplwf.sys

< MD5 for: WINRNR.DLL >
[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 957 bytes -> C:\Users\Bev\Documents\Your IncrediGames Games Order #108511510.eml:OECustomProperty
@Alternate Data Stream - 380 bytes -> C:\ProgramData\Temp:FEE5129B
@Alternate Data Stream - 368 bytes -> C:\ProgramData\Temp:5D96AD1A
@Alternate Data Stream - 366 bytes -> C:\ProgramData\Temp:0BEC8379
@Alternate Data Stream - 364 bytes -> C:\ProgramData\Temp:A700ABC5
@Alternate Data Stream - 356 bytes -> C:\ProgramData\Temp:A7F5A65E
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:0FF263E8
@Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:3FD02B38
@Alternate Data Stream - 179 bytes -> C:\ProgramData\Temp:100384F2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:B8CD998E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:89477489
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:FBFC061F

< End of report >


OTL Extras logfile created on: 12/19/2013 8:49:23 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bev\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.48 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 78.13% Memory free
10.96 Gb Paging File | 9.49 Gb Available in Paging File | 86.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.75 Gb Total Space | 508.87 Gb Free Space | 88.23% Space Free | Partition Type: NTFS
Drive D: | 15.25 Gb Total Space | 1.66 Gb Free Space | 10.91% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 3.95 Gb Free Space | 99.75% Space Free | Partition Type: FAT32
Drive G: | 976.11 Mb Total Space | 976.08 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: BEV-HP | User Name: Bev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02698CB8-9CD5-42DD-ADAD-242A627F4685}" = lport=138 | protocol=17 | dir=in | app=system |
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0A0BF7BB-B529-4B00-9F8C-B767FD7F9108}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{148C9E51-751B-4E7F-B55D-458B7B7C76D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C5B381F-A225-4505-B264-DD8FA005C2CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39768F4D-3748-42A2-B0D0-0951A9E00470}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{42C76FDD-789A-4C30-B448-D3B837C0507B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45110AEF-166D-452E-838F-B34D1E85F5A3}" = lport=445 | protocol=6 | dir=in | app=system |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{5A94852B-2800-4B89-B8F9-21E0D5FD514F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{650740C9-4FA1-4945-9FA3-BA530BE0A585}" = lport=138 | protocol=17 | dir=in | app=system |
"{6508188D-5701-4314-BF2C-6C8F2DE29930}" = lport=139 | protocol=6 | dir=in | app=system |
"{660D2B1C-CA1E-4441-9CB6-6F6FE8220A45}" = lport=139 | protocol=6 | dir=in | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70F9BD42-577F-4C29-A0F2-7FEEA769A997}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{7FDB4343-2B4C-426A-B3CE-6A2DF82A544C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8075211F-E42D-43D5-839F-7DADA4EE88C6}" = lport=445 | protocol=6 | dir=in | app=system |
"{833C749F-5A85-46AE-ABE4-191B93E0C7C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87BBF54F-A4BC-4332-A4BB-0F6908D4C4E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{995F131A-AFCD-4967-8CEA-3F0AADA6176F}" = rport=138 | protocol=17 | dir=out | app=system |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5240CDF-C1B7-4C4E-9F98-0CD3D68CEBC1}" = rport=138 | protocol=17 | dir=out | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4D13F11-4126-47E4-8D60-B00D6CC28E2F}" = lport=137 | protocol=17 | dir=in | app=system |
"{C958010D-1D8F-48DF-BA51-5E2BA8865C15}" = rport=139 | protocol=6 | dir=out | app=system |
"{C9F7A01F-9B7C-44F8-AE4D-2FD8FD8A92FC}" = rport=137 | protocol=17 | dir=out | app=system |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D89D09C9-7C0C-4D72-8BFA-186DEA83A286}" = lport=137 | protocol=17 | dir=in | app=system |
"{D8D7F41B-2461-4B28-BBC2-A6C0A3112565}" = rport=445 | protocol=6 | dir=out | app=system |
"{EE9C97DC-522A-493C-BC15-0CB41B0369E4}" = rport=445 | protocol=6 | dir=out | app=system |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F6880D27-4DC9-4DC2-B391-B8CC357E8E77}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE1FAE7F-164E-4CAF-ADC2-4E2FCFF29290}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B559468-EFDC-40EB-9B63-456FED163244}" = protocol=58 | dir=in | [email protected],-28545 |
"{41DB10F6-E41B-48B8-992F-ECE213D80286}" = protocol=1 | dir=out | [email protected],-28544 |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 |
"{4BB30168-8DD5-439F-A540-4B95F66560F8}" = protocol=58 | dir=out | [email protected],-28546 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{737F01BE-E6FB-4578-A388-91D8074F83A9}" = protocol=1 | dir=in | [email protected],-28543 |
"{779882C2-1C19-49DE-AF13-4C3A977FB645}" = protocol=58 | dir=out | [email protected],-28546 |
"{785C964D-F1AC-4DCC-A516-4A5C16AE3BD0}" = protocol=1 | dir=in | [email protected],-28543 |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C861DC4B-B54D-4C08-82BF-4C717DE31C24}" = protocol=58 | dir=in | [email protected],-28545 |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E46E53A7-2C11-4311-A36A-723944263AFE}" = protocol=1 | dir=out | [email protected],-28544 |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{48C46F0E-7B86-AC31-ACFC-2B40F1C90ACE}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6153098B-60DB-6A9F-EA0F-B006A96B57D5}" = ATI Catalyst Install Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software
"{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AADE02D5-DCBF-04C3-CD05-ABA83D28BC4A}" = AMD Fuel
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBA2849B-6C95-9FD2-7ACC-BF456F1958AA}" = AMD Media Foundation Decoders
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{004C349C-DC75-4F6F-9B8D-61E37DC323B6}" = Magic Bullet PhotoLooks for PaintShop Photo Pro
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15412249-0AFA-D2A1-E7E2-E57AE1A96781}" = CCC Help Swedish
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EAB36E-A979-0870-F58F-6F4F34017D29}" = CCC Help Chinese Traditional
"{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}" = Family Tree Maker 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2070F457-B044-FCEE-B6DA-CB2C12CD76A5}" = CCC Help German
"{224CA902-F494-FD2A-4211-771454ED464B}" = CCC Help English
"{252FC4D1-4056-7237-6B19-4C66D0CF45A9}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BE2E4AA-C164-FEB5-6C82-BBBC90C88915}" = CCC Help Hungarian
"{3DA41E54-9526-40C0-8456-66B09379DFCC}" = PaintShop Photo Pro X3 Registration Incentive
"{44D822AA-DA6D-1915-4B64-60D06AE613CE}" = CCC Help Danish
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A917E5E-2567-C01E-7F41-AF09DAE523A1}" = AMD VISION Engine Control Center
"{5377D0E6-0B77-5C94-A3F8-2A7C0E5791A1}" = CCC Help French
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5FE625A7-E8D6-2E41-4693-F6AC6310C467}" = CCC Help Polish
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6F076041-F337-5F67-75E7-6C1324D43EC6}" = CCC Help Japanese
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{7FA82763-D04B-A656-159B-BD8847176377}" = CCC Help Russian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{955CB8C1-F5F9-B649-FC65-FD65F9EC0459}" = CCC Help Korean
"{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
"{97E33108-2206-087B-9399-29F5201AAC98}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3CC933-5EF7-A868-7B74-1A227394566E}" = CCC Help Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1ACD45F-0D8E-0566-0EC0-530CDCD7E8F4}" = Catalyst Control Center Graphics Previews Common
"{A3D1D38D-9C85-7BEB-5AC8-EC2D90E2882A}" = CCC Help Czech
"{A440179F-D169-B9DA-B478-6CE97FDB3D4C}" = CCC Help Greek
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B898ABBB-4723-84B5-04C4-32A15F9DBD48}" = CCC Help Chinese Standard
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B91459FD-63A9-71E3-68F1-82352B0892B3}" = Catalyst Control Center Localization All
"{B976E52C-93A3-5CD1-FF67-658877850EDD}" = CCC Help Italian
"{BEDC570A-C947-D0C8-3014-A1EAA042779D}" = CCC Help Turkish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2EE0EA6-826F-63EA-8751-E2F3714DBA40}" = CCC Help Thai
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5441D19-417C-8C34-3F31-CCBD563C946E}" = Catalyst Control Center InstallProxy
"{E56E5D38-5972-420A-9BAF-0F84471E0142}" = HP Documentation
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA8CC2F2-BC30-141C-92B6-CC870B4B2977}" = CCC Help Spanish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F8428B4D-E324-4F5C-9CC7-E88B53CD765E}" = ContentHD
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F8FBF4C7-5ADA-66B1-6509-09E05C257963}" = CCC Help Norwegian
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"110082360" = Alien Shooter
"116511547" = TonkyPonky
"119074567" = Super Jigsaw Americana
"119785487" = Tasty Planet Back for Seconds
"510006194" = Toy Defense
"510006214" = Amazing Adventures Riddle of the Two Knights
"510006545" = Ozzy Bubbles
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BFGC" = Big Fish Games: Game Manager
"Blaze Audio Overdub!_is1" = Blaze Audio Overdub!
"Blaze Audio Sound Effects Set 1_is1" = Blaze Audio Sound Effects Set 1
"Family Tree Maker 2012" = Family Tree Maker 2012
"FrostWire 5" = FrostWire 5.2.11
"Google Chrome" = Google Chrome
"IncrediMail" = IncrediMail 2.0
"InstallShield_{004C349C-DC75-4F6F-9B8D-61E37DC323B6}" = Magic Bullet PhotoLooks for PaintShop Photo Pro
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2013 11:41:15 PM | Computer Name = BEV-HP | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
= 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
Writer Instance ID: {984d7c9e-d1b4-4bfa-8b15-aeb5ff8b8b1d}

Error - 12/17/2013 11:42:08 PM | Computer Name = BEV-HP | Source = WinMgmt | ID = 10
Description =

Error - 12/18/2013 12:02:57 AM | Computer Name = BEV-HP | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
= 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
Writer Instance ID: {6e56247c-0220-4a19-a30c-4a130d8472e7}

Error - 12/18/2013 12:03:50 AM | Computer Name = BEV-HP | Source = WinMgmt | ID = 10
Description =

Error - 12/18/2013 3:13:02 PM | Computer Name = BEV-HP | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
= 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
Writer Instance ID: {de7b009a-7af3-4aae-93ac-75039dcb0dad}

Error - 12/18/2013 3:13:54 PM | Computer Name = BEV-HP | Source = WinMgmt | ID = 10
Description =

Error - 12/18/2013 3:23:56 PM | Computer Name = BEV-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 12/19/2013 11:38:55 PM | Computer Name = BEV-HP | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
= 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
Writer Instance ID: {4dc206b8-36a1-4ef3-b591-4d669f37573e}

Error - 12/19/2013 11:39:47 PM | Computer Name = BEV-HP | Source = WinMgmt | ID = 10
Description =

Error - 12/19/2013 11:49:49 PM | Computer Name = BEV-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

[ Hewlett-Packard Events ]
Error - 2/8/2012 12:41:22 AM | Computer Name = Bev-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/12/2012 2:55:36 PM | Computer Name = Bev-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/12/2012 2:55:58 PM | Computer Name = Bev-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/24/2012 9:07:12 PM | Computer Name = Bev-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/24/2012 10:52:45 PM | Computer Name = Bev-HP | Source = hpsa_service.exe | ID = 2000
Description =

Error - 9/10/2012 10:41:25 PM | Computer Name = Bev-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 9/10/2012 10:41:35 PM | Computer Name = Bev-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Object
reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5610 Ram Utilization: 30 TargetSite: Void closeConnection()


Error - 4/13/2013 2:20:39 PM | Computer Name = Bev-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 4/18/2012 1:24:40 PM | Computer Name = Bev-HP | Source = CaslWmi | ID = 5
Description = 2012/04/18 11:24:40.427|00001624|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/18/2012 1:24:49 PM | Computer Name = Bev-HP | Source = CaslWmi | ID = 5
Description = 2012/04/18 11:24:49.403|00000DA8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/18/2012 1:24:55 PM | Computer Name = Bev-HP | Source = CaslWmi | ID = 5
Description = 2012/04/18 11:24:55.156|00000A34|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/18/2012 1:25:04 PM | Computer Name = Bev-HP | Source = CaslWmi | ID = 5
Description = 2012/04/18 11:25:04.107|00000E9C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/14/2012 4:26:45 PM | Computer Name = Bev-HP | Source = CaslWmi | ID = 5
Description = 2012/05/14 14:26:45.229|00000C38|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/14/2012 4:28:20 PM | Computer Name = Bev-HP | Source = CaslWmi | ID = 5
Description = 2012/05/14 14:28:20.246|00001360|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/14/2012 4:28:26 PM | Computer Name = Bev-HP | Source = CaslWmi | ID = 5
Description = 2012/05/14 14:28:26.870|0000058C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/14/2012 4:28:35 PM | Computer Name = Bev-HP | Source = CaslWmi | ID = 5
Description = 2012/05/14 14:28:35.898|00000F80|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/14/2012 4:28:41 PM | Computer Name = Bev-HP | Source = CaslWmi | ID = 5
Description = 2012/05/14 14:28:41.890|00001030|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/14/2012 4:28:51 PM | Computer Name = Bev-HP | Source = CaslWmi | ID = 5
Description = 2012/05/14 14:28:51.275|00001184|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]
Error - 12/19/2013 11:39:49 PM | Computer Name = BEV-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Psched WfpLwf

Error - 12/19/2013 11:39:50 PM | Computer Name = BEV-HP | Source = Service Control Manager | ID = 7003
Description = The HomeGroup Provider service depends the following service: netprofm.
This service might not be installed.

Error - 12/19/2013 11:39:50 PM | Computer Name = BEV-HP | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023821.

Error - 12/19/2013 11:41:49 PM | Computer Name = BEV-HP | Source = MSiSCSI | ID = 106
Description = Error 0x00000002 while initializing iSCSI initiator service at checkpoint
17.

Error - 12/19/2013 11:41:49 PM | Computer Name = BEV-HP | Source = Service Control Manager | ID = 7023
Description = The Microsoft iSCSI Initiator Service service terminated with the
following error: %%2

Error - 12/19/2013 11:41:49 PM | Computer Name = BEV-HP | Source = Service Control Manager | ID = 7031
Description = The Microsoft iSCSI Initiator Service service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in
300000 milliseconds: Restart the service.

Error - 12/19/2013 11:41:54 PM | Computer Name = BEV-HP | Source = WMPNetworkSvc | ID = 866301
Description =

Error - 12/19/2013 11:46:49 PM | Computer Name = BEV-HP | Source = MSiSCSI | ID = 106
Description = Error 0x00000002 while initializing iSCSI initiator service at checkpoint
17.

Error - 12/19/2013 11:46:49 PM | Computer Name = BEV-HP | Source = Service Control Manager | ID = 7023
Description = The Microsoft iSCSI Initiator Service service terminated with the
following error: %%2

Error - 12/19/2013 11:46:49 PM | Computer Name = BEV-HP | Source = Service Control Manager | ID = 7034
Description = The Microsoft iSCSI Initiator Service service terminated unexpectedly.
It has done this 3 time(s).


< End of report >

Edited by GoBerserkMode, 19 December 2013 - 10:03 PM.

  • 0

#39
GoBerserkMode

GoBerserkMode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
It is also worth mentioning that I have gained access to a Windows 7 Professional 64-bit install disk from DELL.
  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Right click on the file and select Properties then Security. You should have 4 users in the list. Trusted Installer should have all boxes checked. The rest just have Read & Execute and Read.


  • 0

Advertisements


#41
GoBerserkMode

GoBerserkMode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
OK, I set permissions on wfplwf.sys, deleted it, and replaced it with the one you gave me.
  • 0

#42
GoBerserkMode

GoBerserkMode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
GrantPerms still does not see it.
  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
How about if you look for it here:

C:\Windows\SysNative\drivers\wfplwf.sys


I guess more important than Grant Permissions is does it work? If you go into Device Manager (View Show Hidden Devices) then look in non-plug and play do you see the WFP Lightweight Filter and does it still have a yellow flag?
  • 0

#44
GoBerserkMode

GoBerserkMode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
GrantPerms by Farbar
Ran by Bev (administrator) at 2013-12-20 00:16:28

===============================================
\\?\c:\windows\sysnative\drivers\wfplwf.sys

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)





I now do not even see anything for device manager-> WFP Lightweight Filter...ive attached an image of a screencap.

Attached Thumbnails

  • Image1.png

  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
See if you can uninstall Windows Live. It puts things in the winsock chain which we don't need and just makes things more complicated.

Then let's try:

Copy the next 2 lines:

driverquery /v > \junk.txt
notepad \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply. Close notepad. Close the Command Window.


This should show all drivers, even those that are turned off. You have one on that is not on in my PC. Winsock ifs driver. No idea what it does or why it is on in yours and not in mine unless Windows Live added it. If it is still on after uninstalling Windows Live:

If you go in to regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ws2ifsl in the right pane you should see Start. Double click on Start and change whatever number is there to 4 then OK.

While in regedit, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Psched then right click and Export. Save the file as psched somewhere you can find it again and then zip it up or rename it to psched.txt and attach it. (don't think the forum allows you to attach .reg files but it might).
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP