
Infection - Vista PC - No Broadband connection to Internet


  • This topic is locked
26 replies to this topic

#1 3Jim3

3Jim3

  • Members
  • 13 posts
  • Gender:Male

Posted 13 July 2014 - 12:09 PM

Hi everyone - New to site.

 

My nephew was using the PC (IExplorer) and said a notification popped up saying something like "encrypting files". He tried to exit the page and couldn’t, so he powered off the PC.

 

Now the PC doesn’t recognize my broadband connection (hardwired connection). Went to Control Panel - Internet Options - Connections. It lists Broadband Connection and "Never dial a connection". Clicked LAN Settings, which shows a check at "Automatically detect settings". The Proxy server section is not checked.

Closed out with OK. Clicked Connect to internet, clicked the existing option "Broadband", then Next: unable to connect. Clicked Diagnose; the response was that it detected a problem but was unable to fix it. Went back to the internet connection, cleared everything and reapplied as above. Now when I click Connect to Internet I get Error 797: modem not found or was busy.

 

Removed the hardwired Ethernet connection from the PC and connected it to Laptop. Laptop connection works fine.

 

I don’t know how to proceed.

 

As per the posted guidelines, I downloaded DDS to a flash-drive and then copied to PC and ran DDS.

7-13 DDS.TXT is below and 7-13 Attach.TXT is attached.

 

Any help is appreciated - Jim

Attached File  7-13 Attach.txt   9.64KB   1 downloads

 

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16561

Run by Jim at 12:34:33 on 2014-07-13

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.1972 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\McAfee\MSC\McAPExe.exe

C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe

C:\Windows\ehome\ehsched.exe

C:\Windows\ehome\ehRecvr.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\iolo\System Mechanic\iologovernor.exe

C:\hp\support\hpsysdrv.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Common Files\AOL\1326169180\ee\aolsoftware.exe

C:\Windows\system32\schtasks.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe

C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe

C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe

C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k wdisvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] c:\hp\kbd\KbdStub.EXE

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"

mRun: [HostManager] c:\program files\common files\aol\1326169180\ee\AOLSoftware.exe

mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [WD Drive Unlocker] c:\program files\western digital\wd security\WDDriveAutoUnlock.exe

mRun: [WD Quick View] c:\program files\western digital\wd quick view\WDDMStatus.exe

mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

TCP: NameServer = 204.186.110.76 204.186.80.251 216.144.187.199

TCP: Interfaces\{5306BA74-43BA-43AB-AF39-EB1D6C04889B} : DHCPNameServer = 204.186.110.76 204.186.80.251 216.144.187.199

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 574576]

R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-1-12 215624]

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2014-5-3 26248]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-1-12 21504]

R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-1-21 281560]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2013-12-30 4492776]

R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2014-1-21 145568]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-1-21 281560]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-1-21 281560]

R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-1-21 281560]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-1-21 281560]

R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2014-1-21 655936]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-1-10 169800]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-1-10 179600]

R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2013-12-30 68464]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-8-27 93072]

R2 WDBackup;WD Backup;c:\program files\western digital\wd smartware\WDBackupEngine.exe [2014-6-2 1042808]

R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2014-6-2 296312]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-1-10 61400]

R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2014-1-27 236672]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-1-10 367776]

R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2014-3-18 345584]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]

S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2014-4-23 147912]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-1-10 66408]

S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2014-3-18 81264]

S3 pbfilter;pbfilter;c:\users\jim\documents\my documents\computer\otherprograms\2-11-11 peerblock v1.0.0.181\pbfilter.sys [2013-4-28 16472]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]

S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-1-10 84200]

.

=============== Created Last 30 ================

.

2014-07-12 21:50:39 -------- d-----w- c:\users\jim\appdata\local\HP Guide

2014-07-11 18:12:17 -------- d-sh--w- C:\found.000

2014-07-11 15:42:22 8140904 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{17d01716-77e1-45c2-9284-76541e712bc0}\mpengine.dll

2014-07-09 14:15:08 937472 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2014-07-09 14:15:08 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL

2014-07-09 14:15:07 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2014-07-09 14:15:07 965120 ----a-w- c:\program files\windows journal\JNWDRV.dll

2014-07-09 14:15:04 1305088 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll

2014-07-09 14:15:03 2051072 ----a-w- c:\windows\system32\win32k.sys

2014-07-09 14:15:03 149504 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll

2014-07-09 14:15:03 114688 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll

2014-07-09 14:15:01 506880 ----a-w- c:\windows\system32\qedit.dll

2014-07-09 14:15:00 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2014-07-07 03:46:13 -------- d-----w- c:\program files\Maxtor

2014-06-24 00:42:53 -------- d-----w- c:\programdata\Package Cache

2014-06-22 00:21:50 -------- d-----w- c:\users\jim\appdata\local\Western Digital

2014-06-22 00:21:42 -------- d-----w- c:\users\jim\appdata\local\Western_Digital_Technolog

2014-06-21 19:09:24 -------- d-----w- c:\program files\Western Digital

2014-06-21 19:09:24 -------- d-----w- c:\program files\common files\Western Digital

2014-06-21 19:07:11 -------- d-----w- c:\programdata\Western Digital

2014-06-21 18:37:23 -------- d-----w- c:\users\jim\appdata\local\Adobe

.

==================== Find3M ====================

.

2014-07-08 22:03:29 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-07-08 22:03:29 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-06-06 23:12:01 1810432 ----a-w- c:\windows\system32\jscript9.dll

2014-06-06 23:03:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2014-06-06 23:02:16 1129472 ----a-w- c:\windows\system32\wininet.dll

2014-06-06 22:57:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2014-06-06 22:56:20 421376 ----a-w- c:\windows\system32\vbscript.dll

2014-06-06 22:52:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2014-06-06 22:51:59 11776 ----a-w- c:\windows\system32\mshta.exe

2014-04-30 14:24:50 41616 ----a-w- c:\windows\system32\iolobtdfg.exe

2014-04-30 14:24:42 23568 ----a-w- c:\windows\system32\smrgdf.exe

2014-04-30 14:08:34 2097984 ----a-w- c:\windows\system32\Incinerator32.dll

2014-04-26 16:01:22 502784 ----a-w- c:\windows\system32\usp10.dll

.

============= FINISH: 12:36:00.04 ===============

 

 




 


#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 16 July 2014 - 09:26 AM

Hello 3Jim3,

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Note that you will need to download these on a working computer, then transfer them to the sick computer via USB flash drive until we can restore your Internet access.

I'm throwing a lot at you here in the first post, please take your time and ask me if you have questions about any of it. If you are unable to complete a task (listed in this post), complete the next one and let me know what you had trouble with.

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.
==========================================================================

System Summary Information
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
==========================================================================

IPConfig
  • Hold the Windows key and press R on your keyboard.
  • In the Run box that appears, type CMD and click on OK.
  • Type the following command:
    • IPCONFIG /ALL
  • Right click in the command window and choose Select All, then hit Enter.
  • Paste the results in a message here.
==========================================================================

Ping Test
  • Lastly, let's see this:
  • Hold the Windows key and press R on your keyboard.
  • In the Run box that appears, type CMD and click on OK.
  • Type the following command: PING google.com
  • Right click in the command window and choose Select All, then hit Enter.
  • Paste the results in a message here.
  • If necessary, use a text file and removable media to copy the results to a computer with internet access for all of the above.
==========================================================================

What I'd like to see in your next post:
  • FRST.txt
  • Addition.txt
  • System Summary Information
  • IPConfig results
  • Ping results

Edited by TheShooter93, 16 July 2014 - 09:44 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 3Jim3

3Jim3
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Male

Posted 16 July 2014 - 02:35 PM

Hi Cody - Thanks for your help and time spent - Jim

 

 

7-16 FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01

Ran by Jim (administrator) on JIM1-PC on 16-07-2014 13:33:05

Running from C:\Users\Jim\Desktop

Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe

(AOL LLC) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

(Seagate Technology LLC) C:\Program Files\Maxtor\Sync\SyncServices.exe

(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe

(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe

(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe

(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic\ioloGovernor.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

(AOL Inc.) C:\Program Files\Common Files\AOL\1326169180\ee\aolsoftware.exe

(Microsoft Corporation) C:\WINDOWS\System32\schtasks.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

() C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe

() C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe

(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe

(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe

(Maxtor Corporation) C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehsched.exe

(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe

(Farbar) C:\Users\Jim\Desktop\FRST32bit.exe

 

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)

HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)

HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [71176 2007-05-24] (Hewlett-Packard)

HKLM\...\Run: [HP Software Update] => c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-02-17] (Hewlett-Packard Co.)

HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)

HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)

HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1326169180\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)

HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)

HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)

HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)

HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5563760 2014-06-02] (Western Digital Technologies, Inc.)

HKLM\...\Run: [mxomssmenu] => C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [169264 2007-09-06] (Maxtor Corporation)

HKLM\...\Runonce: [4FA12186-8D89-4137-B5DF-B472F6A69F8B] - [X]

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-1152566883-324814512-1739802199-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

BootExecute: """autocheck autochk /p \??\F:"""ጔc䡡Ȳᜄጔ僈ڏ䝁Ȳ̈́ጠ""췩گ䎠ጱā>嵑ȧҰ85/2/2014 15:40;Freed 568 KB of temporary Windows clutterl䂀ȧ뇀ጷautocheck smrgdf C:\Users\Jim\AppData\Roaming\iolo\d͇峘ፘ嬸ፘ࡛iolobtdfg C:\Windows\system32e)Ұôhttp://www.iolo.com/redirect/process.aspx?pg=ebc8081a-99d5-46ee-b36d-9f97c647f6fe&p=55fd1d5a-7aef-4da3-8faf-a71b2a52ffc7&b=d9d8e8b3-5596-47f7-8970-14dd2d1f0b9b&appver=12.7.1.2&ak=magp9f4p7kjlj7b7332t&locale=en&lm=5&ls=2&doi=41638&bits=32&sg=001ty.tistics>></Statistics>

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop

SearchScopes: HKLM - DefaultScope {3063DD7D-BD23-4CD4-959B-05CEFF928766} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKLM - {00E1DAF7-A9A1-4DF9-B3FD-98CF8796201E} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a

SearchScopes: HKLM - {3063DD7D-BD23-4CD4-959B-05CEFF928766} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKLM - {A32C20F4-5BDA-451F-B1B0-39E078E8075B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM - {C0B52B79-80DB-48A9-B1B9-3868BECE7A30} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7

SearchScopes: HKCU - DefaultScope {3063DD7D-BD23-4CD4-959B-05CEFF928766} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKCU - {3063DD7D-BD23-4CD4-959B-05CEFF928766} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKCU - {A32C20F4-5BDA-451F-B1B0-39E078E8075B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKCU - {BF49E13D-7FCF-49C8-9A59-B017C3F9B8D4} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a

SearchScopes: HKCU - {C0B52B79-80DB-48A9-B1B9-3868BECE7A30} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7

BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Tcpip\Parameters: [DhcpNameServer] 204.186.110.76 204.186.80.251 216.144.187.199

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @sony.com/Some - C:\Program Files\Sony\Bloggie Software\npsome.dll (Sony)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-21]

========================== Services (Whitelisted) =================

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-05-24] (Hewlett-Packard) [File not signed]

S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-04-30] (iolo technologies, LLC)

R2 Maxtor Sync Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [156976 2007-09-28] (Seagate Technology LLC)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-04-03] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-04-03] (McAfee, Inc.)

R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-06-02] (Western Digital Technologies, Inc.)

R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-04-03] (McAfee, Inc.)

R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-05-29] (EldoS Corporation)

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-04-03] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236672 2014-04-03] (McAfee, Inc.)

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-04-03] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-04-03] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [574576 2014-04-03] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)

S4 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [84200 2011-04-14] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [215624 2014-04-03] (McAfee, Inc.)

S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)

S3 pbfilter; C:\Users\Jim\Documents\My Documents\Computer\OtherPrograms\2-11-11 Peerblock v1.0.0.181\pbfilter.sys [16472 2009-09-28] ()

R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2013-05-29] (Raxco Software, Inc.)

S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 catchme; \??\C:\Users\Jim\AppData\Local\Temp\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 MFE_RR; \??\C:\Users\Jim\AppData\Local\Temp\mfe_rr.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-16 13:33 - 2014-07-16 13:33 - 00014867 _____ () C:\Users\Jim\Desktop\FRST.txt

2014-07-16 13:02 - 2014-07-16 13:02 - 00135388 _____ () C:\Users\Jim\Desktop\7-16 Summary.zip

2014-07-16 11:48 - 2014-07-16 11:48 - 03302140 _____ () C:\Users\Jim\Desktop\7-16 Summary.nfo

2014-07-16 11:40 - 2014-07-16 11:40 - 00032370 _____ () C:\Users\Jim\Desktop\7-16 FRST Addition data.txt

2014-07-16 11:37 - 2014-07-16 11:37 - 00032370 _____ () C:\Users\Jim\Desktop\7-16 FRST data.txt

2014-07-16 11:34 - 2014-07-16 13:33 - 00000000 ____D () C:\FRST

2014-07-16 11:21 - 2014-07-16 11:07 - 01077248 _____ (Farbar) C:\Users\Jim\Desktop\FRST32bit.exe

2014-07-15 20:02 - 2014-07-15 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-07-13 12:46 - 2014-07-13 12:46 - 00009874 _____ () C:\Users\Jim\Desktop\7-13 Attach.txt

2014-07-13 12:45 - 2014-07-13 12:45 - 00012737 _____ () C:\Users\Jim\Desktop\7-13 DDS.txt

2014-07-12 18:56 - 2014-07-12 18:56 - 00007071 _____ () C:\Users\Jim\Desktop\7-12-14 System Information.txt

2014-07-12 18:49 - 2014-07-12 18:49 - 00002412 _____ () C:\Users\Jim\Desktop\7-12 FSS.txt

2014-07-12 18:37 - 2014-07-13 12:36 - 00012737 _____ () C:\Users\Jim\Desktop\7-12 dds.txt

2014-07-12 18:37 - 2014-07-13 12:36 - 00009874 _____ () C:\Users\Jim\Desktop\7-12 attach.txt

2014-07-12 18:36 - 2014-07-12 15:44 - 00688992 ____R (Swearware) C:\Users\Jim\Desktop\dds Program.com

2014-07-12 17:50 - 2014-07-12 18:02 - 00000000 ____D () C:\Users\Jim\AppData\Local\HP Guide

2014-07-12 17:14 - 2014-07-12 17:14 - 00031721 _____ () C:\Users\Jim\Desktop\MiniToolBox Result7-12.txt

2014-07-12 17:09 - 2014-07-12 14:27 - 00415744 _____ (Farbar) C:\Users\Jim\Desktop\FSS Ver10.6.2014.0.exe

2014-07-12 17:09 - 2014-07-12 14:25 - 00401920 _____ (Farbar) C:\Users\Jim\Desktop\MiniToolBox ver6.7.2014.0.exe

2014-07-11 22:15 - 2014-07-11 19:28 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Jim\Desktop\7-11-14 SpyHunter-Installer.exe

2014-07-11 22:13 - 2014-07-11 18:59 - 05218473 _____ (Swearware) C:\Users\Jim\Desktop\7-11-14 ComboFix.exe

2014-07-11 14:12 - 2014-07-11 16:17 - 00000000 __SHD () C:\found.000

2014-07-11 13:34 - 2014-07-15 18:17 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat

2014-07-09 10:15 - 2014-06-06 20:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-09 10:15 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-09 10:15 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-09 10:14 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-09 10:14 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-09 10:14 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-09 10:14 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-09 10:14 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-09 10:14 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-09 10:14 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-07-09 10:14 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-09 10:14 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-09 10:14 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-07-09 10:14 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-09 10:14 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-09 10:14 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-09 10:14 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-09 10:14 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-07-09 10:14 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-09 10:14 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-09 10:14 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-07-09 10:14 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-09 10:14 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-07-09 10:14 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-06 23:46 - 2014-07-06 23:46 - 00001948 _____ () C:\Users\Public\Desktop\Maxtor Manager.lnk

2014-07-06 23:46 - 2014-07-06 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxtor

2014-07-06 23:46 - 2014-07-06 23:46 - 00000000 ____D () C:\Program Files\Maxtor

2014-06-23 21:17 - 2014-07-14 22:06 - 00050153 _____ () C:\Users\Jim\Documents\NEWSOFT

2014-06-23 21:00 - 2014-06-23 21:00 - 00001077 _____ () C:\Users\Jim\Desktop\WD SmartWare.lnk

2014-06-23 20:42 - 2014-06-23 20:42 - 00000000 ____D () C:\ProgramData\Package Cache

2014-06-21 20:21 - 2014-06-21 20:21 - 00000000 ____D () C:\Users\Jim\AppData\Local\Western_Digital_Technolog

2014-06-21 20:21 - 2014-06-21 20:21 - 00000000 ____D () C:\Users\Jim\AppData\Local\Western Digital

2014-06-21 20:10 - 2014-06-21 20:10 - 00001114 _____ () C:\Users\Jim\Desktop\WD Drive Utilities.lnk

2014-06-21 15:11 - 2014-06-23 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital

2014-06-21 15:09 - 2014-06-23 20:46 - 00037728 _____ () C:\Windows\DPINST.LOG

2014-06-21 15:09 - 2014-06-23 20:45 - 00000000 ____D () C:\Program Files\Western Digital

2014-06-21 15:09 - 2014-06-23 20:45 - 00000000 ____D () C:\Program Files\Common Files\Western Digital

2014-06-21 15:07 - 2014-06-23 20:45 - 00000000 ____D () C:\ProgramData\Western Digital

2014-06-21 14:37 - 2014-06-21 14:37 - 00000000 ____D () C:\Users\Jim\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-07-16 13:33 - 2014-07-16 13:33 - 00014867 _____ () C:\Users\Jim\Desktop\FRST.txt

2014-07-16 13:33 - 2014-07-16 11:34 - 00000000 ____D () C:\FRST

2014-07-16 13:03 - 2013-02-08 20:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-16 13:02 - 2014-07-16 13:02 - 00135388 _____ () C:\Users\Jim\Desktop\7-16 Summary.zip

2014-07-16 12:22 - 2011-11-21 22:44 - 01543427 _____ () C:\Windows\WindowsUpdate.log

2014-07-16 12:13 - 2006-11-02 08:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-16 12:13 - 2006-11-02 08:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-16 11:48 - 2014-07-16 11:48 - 03302140 _____ () C:\Users\Jim\Desktop\7-16 Summary.nfo

2014-07-16 11:40 - 2014-07-16 11:40 - 00032370 _____ () C:\Users\Jim\Desktop\7-16 FRST Addition data.txt

2014-07-16 11:37 - 2014-07-16 11:37 - 00032370 _____ () C:\Users\Jim\Desktop\7-16 FRST data.txt

2014-07-16 11:30 - 2012-01-12 22:50 - 00000000 ____D () C:\Users\Jim\, My Finance

2014-07-16 11:20 - 2006-11-02 06:33 - 00759408 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-16 11:07 - 2014-07-16 11:21 - 01077248 _____ (Farbar) C:\Users\Jim\Desktop\FRST32bit.exe

2014-07-15 20:02 - 2014-07-15 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-07-15 20:02 - 2013-07-02 13:52 - 00001753 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk

2014-07-15 18:17 - 2014-07-11 13:34 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat

2014-07-15 18:17 - 2006-11-02 08:37 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-07-15 18:15 - 2013-07-30 01:45 - 00829678 _____ () C:\Windows\PFRO.log

2014-07-15 18:15 - 2006-11-02 09:01 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-07-15 18:15 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-14 22:06 - 2014-06-23 21:17 - 00050153 _____ () C:\Users\Jim\Documents\NEWSOFT

2014-07-14 22:03 - 2012-01-10 00:19 - 00000000 ____D () C:\TEMP

2014-07-13 17:11 - 2013-07-30 16:04 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup

2014-07-13 12:46 - 2014-07-13 12:46 - 00009874 _____ () C:\Users\Jim\Desktop\7-13 Attach.txt

2014-07-13 12:45 - 2014-07-13 12:45 - 00012737 _____ () C:\Users\Jim\Desktop\7-13 DDS.txt

2014-07-13 12:36 - 2014-07-12 18:37 - 00012737 _____ () C:\Users\Jim\Desktop\7-12 dds.txt

2014-07-13 12:36 - 2014-07-12 18:37 - 00009874 _____ () C:\Users\Jim\Desktop\7-12 attach.txt

2014-07-13 12:11 - 2013-08-15 21:16 - 00000000 ____D () C:\Users\Jim\,Lake Jamie

2014-07-12 18:56 - 2014-07-12 18:56 - 00007071 _____ () C:\Users\Jim\Desktop\7-12-14 System Information.txt

2014-07-12 18:49 - 2014-07-12 18:49 - 00002412 _____ () C:\Users\Jim\Desktop\7-12 FSS.txt

2014-07-12 18:02 - 2014-07-12 17:50 - 00000000 ____D () C:\Users\Jim\AppData\Local\HP Guide

2014-07-12 17:14 - 2014-07-12 17:14 - 00031721 _____ () C:\Users\Jim\Desktop\MiniToolBox Result7-12.txt

2014-07-12 15:44 - 2014-07-12 18:36 - 00688992 ____R (Swearware) C:\Users\Jim\Desktop\dds Program.com

2014-07-12 14:27 - 2014-07-12 17:09 - 00415744 _____ (Farbar) C:\Users\Jim\Desktop\FSS Ver10.6.2014.0.exe

2014-07-12 14:25 - 2014-07-12 17:09 - 00401920 _____ (Farbar) C:\Users\Jim\Desktop\MiniToolBox ver6.7.2014.0.exe

2014-07-11 22:27 - 2013-05-11 18:50 - 00000000 ____D () C:\Windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP

2014-07-11 22:01 - 2012-01-10 18:08 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\AOL

2014-07-11 19:28 - 2014-07-11 22:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Jim\Desktop\7-11-14 SpyHunter-Installer.exe

2014-07-11 18:59 - 2014-07-11 22:13 - 05218473 _____ (Swearware) C:\Users\Jim\Desktop\7-11-14 ComboFix.exe

2014-07-11 16:17 - 2014-07-11 14:12 - 00000000 __SHD () C:\found.000

2014-07-11 13:34 - 2013-02-23 17:25 - 00000000 ____D () C:\ProgramData\Temp

2014-07-09 16:36 - 2012-01-12 22:49 - 00000000 ____D () C:\Users\Jim\, Current Issues

2014-07-09 11:19 - 2006-11-02 08:47 - 00345008 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-09 11:17 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-09 10:38 - 2013-07-12 08:18 - 00000000 ____D () C:\Windows\system32\MRT

2014-07-09 10:26 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-07-08 18:03 - 2012-04-20 19:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-07-08 18:03 - 2012-01-12 01:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-07-06 23:46 - 2014-07-06 23:46 - 00001948 _____ () C:\Users\Public\Desktop\Maxtor Manager.lnk

2014-07-06 23:46 - 2014-07-06 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxtor

2014-07-06 23:46 - 2014-07-06 23:46 - 00000000 ____D () C:\Program Files\Maxtor

2014-07-06 23:46 - 2007-08-09 12:46 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-06-23 21:00 - 2014-06-23 21:00 - 00001077 _____ () C:\Users\Jim\Desktop\WD SmartWare.lnk

2014-06-23 20:46 - 2014-06-21 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital

2014-06-23 20:46 - 2014-06-21 15:09 - 00037728 _____ () C:\Windows\DPINST.LOG

2014-06-23 20:45 - 2014-06-21 15:09 - 00000000 ____D () C:\Program Files\Western Digital

2014-06-23 20:45 - 2014-06-21 15:09 - 00000000 ____D () C:\Program Files\Common Files\Western Digital

2014-06-23 20:45 - 2014-06-21 15:07 - 00000000 ____D () C:\ProgramData\Western Digital

2014-06-23 20:42 - 2014-06-23 20:42 - 00000000 ____D () C:\ProgramData\Package Cache

2014-06-21 20:21 - 2014-06-21 20:21 - 00000000 ____D () C:\Users\Jim\AppData\Local\Western_Digital_Technolog

2014-06-21 20:21 - 2014-06-21 20:21 - 00000000 ____D () C:\Users\Jim\AppData\Local\Western Digital

2014-06-21 20:10 - 2014-06-21 20:10 - 00001114 _____ () C:\Users\Jim\Desktop\WD Drive Utilities.lnk

2014-06-21 15:09 - 2011-11-21 19:57 - 00000000 ____D () C:\Users\Jim

2014-06-21 14:37 - 2014-06-21 14:37 - 00000000 ____D () C:\Users\Jim\AppData\Local\Adobe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-15 18:22

==================== End Of Log ============================

7-16 ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Jim at 2014-07-16 13:33:24
Running from C:\Users\Jim\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.)
Bloggie Software (HKLM\...\BloggieSoftware) (Version: 3.3.1.73 - Sony)
Bloggie Software (Version: 3.3.1.73 - Sony Corporation) Hidden
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version:  - )
Canon MX310 series User Registration (HKLM\...\Canon MX310 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
ccCommon (Version: 106.2.0.21 - Symantec) Hidden
Chinese Simplified Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-2447-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
CleanMyPC - Registry Cleaner (HKLM\...\CleanMyPC - Registry Cleaner_is1) (Version:  - CleanMyPC Software)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
FinePixViewer Resource (HKLM\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.5 (HKLM\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.5 - FUJIFILM Corporation)
FinePixViewer YTUPL (HKLM\...\{65EB09A3-993B-401E-8936-C9708CBFAB26}) (Version: 1.0 - FUJIFILM Corporation)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4558.05 - PC-Doctor, Inc.)
HP Active Support Library (Version: 2.0.12.1 - Hewlett-Packard) Hidden
HP Active Support Library 32 bit components (Version: 2.1.0 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.2.0.2296 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.2.0.2304 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Total Care Advisor (HKLM\...\{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}) (Version: 1.2.13 - Hewlett-Packard)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.007 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
iolo technologies' System Mechanic (HKLM\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.7.1 - iolo technologies, LLC)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.370 - Oracle)
LightScribe  1.6.45.1 (Version: 1.6.45.1 - http://www.lightscribe.com) Hidden
Maxtor Manager (HKLM\...\InstallShield_{B8281D46-D846-4BB9-BC84-F1115A7BF820}) (Version: 4.01.0227 - Seagate Technology)
Maxtor Manager (Version: 4.01.0227 - Seagate Technology) Hidden
McAfee SecurityCenter (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.0 (HKLM\...\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1804 - WildTangent)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
Presto! PageManager 7.15.16 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime (HKLM\...\{5B09BD67-4C99-46A1-8161-B7208CE18121}) (Version: 7.3.0.70 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.572 - Roxio)
RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
ScanSoft OmniPage SE 4 (HKLM\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SpyHunter (HKLM\...\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}) (Version: 4.12.13.4202 - Enigma Software Group USA, LLC)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
WD Drive Utilities (HKLM\...\{7431ED5D-9247-4F17-91C9-702D9B36FAC4}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{324C58C7-A292-4523-A943-91DE1EB6A1FE}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{CB8CEC6B-903F-4296-BCF3-CE65CAB8E151}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{72fda14f-5a07-49d5-b7f7-202377e9b522}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

11-07-2014 12:00:25 Scheduled Checkpoint
12-07-2014 02:26:53 Removed SpyHunter
12-07-2014 23:56:27 Scheduled Checkpoint
13-07-2014 19:17:09 Scheduled Checkpoint
16-07-2014 00:31:36 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 06:23 - 2013-12-21 23:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1BA711BF-E1B0-48CD-A723-A6BEDAB0A008} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2C7DD7FD-7C0C-4EB2-82F0-9140F7BA57C9} - System32\Tasks\Western Digital\SmartWare\____Volume_6087909c_14b3_11e1_a295_806e6f6e6963______Volume_44f3dada_f96a_11e3_8f05_00038a000015__ => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe [2014-06-02] (Western Digital Technologies, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5ED0B47F-9FE5-4561-B95F-43BAE30CD7A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {7011245D-4EF4-4DF4-A200-1FB89C86C3D0} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7B7FDE68-13CA-4807-B4DC-474E8D2A724D} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe
Task: {9137A497-DE88-45BA-B16C-9140A0539D57} - System32\Tasks\JavaUpdateJim => C:\Windows\system32\jusched.exe
Task: {97C96018-E52D-4A59-9B4B-1A06A9092AB8} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24] (Hewlett-Packard)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-11-21] ()
Task: {E9AA013B-D0B5-4C6C-8CD7-AE1148454158} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {FE5146D9-0BDC-459D-9A86-92A3759E4E5A} - System32\Tasks\iolo Process Governor => C:\Program Files\iolo\System Mechanic\iologovernor.exe [2014-04-30] (iolo technologies, LLC)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-01-11 23:29 - 2006-09-20 09:35 - 00020480 _____ () C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe
2012-01-11 23:29 - 2006-10-30 17:59 - 00024576 _____ () C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #4
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #6
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.

Name: NVIDIA nForce 10/100 Mbps Ethernet
Description: NVIDIA nForce 10/100 Mbps Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVENETFD
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (ATW)
Description: WAN Miniport (ATW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: America Online, Inc.
Service: wanatw
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2014 10:16:16 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={6999CF60-51D1-4CC5-812C-4F89D9A4CBA9}: The user Jim1-PC\Jim dialed a connection named Broadband Connection which has failed. The error code returned on failure is 797.

Error: (07/15/2014 06:16:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/15/2014 06:16:19 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/15/2014 06:16:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (07/15/2014 06:16:11 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.   (0x80040d03)

Error: (07/15/2014 06:16:11 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.   (0x80040d03)

Error: (07/15/2014 06:15:54 PM) (Source: Windows Search Service) (EventID: 3038) (User: )
Description: The gatherer is unable to read the registry DocIdMapFile.

Context:  Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.   (0x80070002)

Error: (07/13/2014 00:24:52 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={F876B4BE-FA8E-4036-B2CE-9A5C5156A5D6}: The user Jim1-PC\Jim dialed a connection named Broadband Connection which has failed. The error code returned on failure is 797.

Error: (07/13/2014 00:23:51 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={99008B41-4EAB-423C-9E63-43D688E32606}: The user Jim1-PC\Jim dialed a connection named Broadband Connection which has failed. The error code returned on failure is 797.

Error: (07/13/2014 00:22:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={7517A5DB-9B1D-47F2-8AD6-00F53CD9DCBF}: The user Jim1-PC\Jim dialed a connection named Broadband Connection which has failed. The error code returned on failure is 797.

System errors:
=============
Error: (07/15/2014 06:20:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (07/15/2014 06:16:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (07/15/2014 06:16:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (07/15/2014 06:16:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service

Error: (07/15/2014 06:16:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (07/15/2014 06:16:23 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/12/2014 01:15:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {79498D83-FEFE-4E36-8B7E-E9CF79F010B0}

Error: (07/11/2014 10:54:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (07/11/2014 10:52:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: HP Health Check Service%%1053

Error: (07/11/2014 10:52:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000HP Health Check Service

Microsoft Office Sessions:
=========================
Error: (07/16/2014 10:16:16 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {6999CF60-51D1-4CC5-812C-4F89D9A4CBA9}Jim1-PC\JimBroadband Connection797

Error: (07/15/2014 06:16:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/15/2014 06:16:19 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/15/2014 06:16:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (07/15/2014 06:16:11 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.   (0x80040d03)

Error: (07/15/2014 06:16:11 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.   (0x80040d03)

Error: (07/15/2014 06:15:54 PM) (Source: Windows Search Service) (EventID: 3038) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.   (0x80070002)
DocIdMapFile

Error: (07/13/2014 00:24:52 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {F876B4BE-FA8E-4036-B2CE-9A5C5156A5D6}Jim1-PC\JimBroadband Connection797

Error: (07/13/2014 00:23:51 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {99008B41-4EAB-423C-9E63-43D688E32606}Jim1-PC\JimBroadband Connection797

Error: (07/13/2014 00:22:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {7517A5DB-9B1D-47F2-8AD6-00F53CD9DCBF}Jim1-PC\JimBroadband Connection797

CodeIntegrity Errors:
===================================
  Date: 2013-06-14 10:23:49.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-14 10:23:49.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-28 22:54:52.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-28 22:54:52.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-28 22:29:04.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-28 22:29:04.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-28 22:28:32.863
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-28 22:28:32.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-28 22:23:29.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-28 22:23:29.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 3453.57 MB
Available physical RAM: 2316.54 MB
Total Pagefile: 7099.11 MB
Available Pagefile: 5677.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.74 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:456.91 GB) (Free:164.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.85 GB) (Free:1.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (FLASHDRIVE) (Removable) (Total:14.89 GB) (Free:14.84 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1F8DBD9C)
Partition 1: (Active) - (Size=457 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

 

 

IPCONFIG

Microsoft Windows [Version 6.0.6002]

Copyright <c> 2006 Microsoft Corporation. All rights reserved.

C:\Users\Jim>? IPCONFIG /ALL

‘?’ is not recognized as an internet or external commamd,

operable program or batch file

C:Users\Jim>?IPCONFIG/ALL

‘?IPCONFIG’ is not recognized as an internet or external commamd,

operable program or batch file

 

C:\Users\Jim\ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . . . . . . : Jim1-PC

Primary Dns Suffix . . . . . . . . . . :

Node Type . . . . . . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . . . : No

WINS Proxy Enabled. . . . . . . . . : No

C:\Users\Jim>

------------------

PING TEST

Microsoft Windows [Version 6.0.6002]

Copyright <c> 2006 Microsoft Corporation. All rights reserved.

C:\Users\Jim>PINGgoogle.com

"PINGgoogle.com" is not recognized as an internet or external command,

operable program or batch file.

C:\Users\Jim>

------------------------------------

Microsoft Windows [Version 6.0.6002]

Copyright <c> 2006 Microsoft Corporation. All rights reserved.

C:\Users\Jim>PING google.com

Ping request could not find host google.com. Please check the name and try again.

C:\Users\Jim>

------------------------------------------END-------------------------------------
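The "Faulty Device Manager Devices" section of the log in this post can be triaged mechanically. The following is an added example, not part of the original post or of FRST itself: it parses that section's field layout and groups the failures by device class and problem code. The sample is constructed and abridged from the entries above, and the names `make_entry`, `extract_section`, `parse_devices` and `triage` are made up for this sketch.

```python
import re
from collections import Counter

# Device setup class GUID shared by every network adapter entry in the log above.
NET_CLASS = "{4d36e972-e325-11ce-bfc1-08002be10318}"
USB_CLASS = "{36fc9e60-c465-11cf-8056-444553540000}"
HEADER_RE = re.compile(r"^=+\s+([^=\s].*?):?\s+=+\s*$")  # "==== Section title ===="
CODE_RE = re.compile(r"\(Code (\d+)\)")

CODE31 = ("This device is not working properly because Windows cannot load "
          "the drivers required for this device. (Code 31)")
CODE47 = ("Windows cannot use this hardware device because it has been prepared "
          "for safe removal, but it has not been removed from the computer. (Code 47)")


def make_entry(name, desc, guid, maker, service, problem, fix="Update the driver"):
    """Build one entry in the same field layout the log uses."""
    return (f"Name: {name}\nDescription: {desc}\nClass Guid: {guid}\n"
            f"Manufacturer: {maker}\nService: {service}\n"
            f"Problem: : {problem}\nResolution: {fix}\n")


# Constructed sample: five entries abridged from the log, plus the next header.
SAMPLE_LOG = "\n".join([
    "==================== Faulty Device Manager Devices =============", "",
    make_entry("6TO4 Adapter", "Microsoft 6to4 Adapter", NET_CLASS,
               "Microsoft", "tunnel", CODE31),
    make_entry("Teredo Tunneling Pseudo-Interface", "Microsoft Tun Miniport Adapter",
               NET_CLASS, "Microsoft", "tunmp", CODE31),
    make_entry("USB Mass Storage Device", "USB Mass Storage Device", USB_CLASS,
               "Compatible USB storage device", "USBSTOR", CODE47,
               fix="Unplug the device, and then plug it in again."),
    make_entry("NVIDIA nForce 10/100 Mbps Ethernet", "NVIDIA nForce 10/100 Mbps Ethernet",
               NET_CLASS, "NVIDIA", "NVENETFD", CODE31),
    make_entry("WAN Miniport (PPPOE)", "WAN Miniport (PPPOE)", NET_CLASS,
               "Microsoft", "RasPppoe", CODE31),
    "==================== Event log errors: =========================", "",
    "Application errors:",
])


def extract_section(log, title):
    """Return the lines between the '==== title ====' header and the next header."""
    lines, inside = [], False
    for line in log.splitlines():
        match = HEADER_RE.match(line)
        if match:
            if inside:
                break
            inside = match.group(1).strip().lower() == title.lower()
            continue
        if inside:
            lines.append(line)
    return lines


def parse_devices(lines):
    """Group 'Key: value' lines into one dict per blank-line-separated entry."""
    devices, current = [], {}
    for line in list(lines) + [""]:
        if not line.strip():
            if current:
                devices.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            # "Problem: : text" carries a doubled colon, so strip it with the spaces.
            current[key.strip()] = value.strip(" :")
    for dev in devices:
        match = CODE_RE.search(dev.get("Problem", ""))
        dev["Code"] = int(match.group(1)) if match else None
    return devices


def triage(devices):
    """Summarise failures by class so a network-wide driver problem stands out."""
    counts = Counter((d.get("Class Guid"), d["Code"]) for d in devices)
    net = [d for d in devices if d.get("Class Guid") == NET_CLASS]
    return {
        "total": len(devices),
        "net_code31": counts[(NET_CLASS, 31)],
        "net_services": sorted({d.get("Service", "?") for d in net if d["Code"] == 31}),
        "non_network": [(d.get("Name"), d["Code"]) for d in devices
                        if d.get("Class Guid") != NET_CLASS],
    }


if __name__ == "__main__":
    section = extract_section(SAMPLE_LOG, "Faulty Device Manager Devices")
    print(triage(parse_devices(section)))
```

When the physical NIC's service (`NVENETFD` here) fails with the same code as the tunnel and WAN miniport drivers, the fault lies with the network driver class as a whole rather than one adapter, which matches the empty adapter list in the ipconfig output.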

 

 

 

 

 

 

 

 

 

 

 

 

 

 



#4 3Jim3

3Jim3
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:14 AM

Posted 16 July 2014 - 04:09 PM

Cody, I just found out that I have to go out of town until Sunday 7/20.

I won't have access to my Desktop PC (the one that is having the problem).

Just wanted to let you know to ensure that you didn't think I was ignoring any reply.

Thanks Jim



#5 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:11:14 AM

Posted 17 July 2014 - 09:27 AM

Cody, I just found out that I have to go out of town until Sunday 7/20. I won't have access to my Desktop PC (the one that is having the problem). Just wanted to let you know to ensure that you didn't think I was ignoring any reply.

Thank you for the heads up, it is not a problem.

I will be reviewing the logs you submitted in the meantime and getting a reply approved by my instructor. :)

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#6 TheShooter93

Posted 18 July 2014 - 09:01 PM

Hello 3Jim3,
 
Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop(<<<Important) as fixlist.txt

C:\Users\Jim\AppData\Roaming\iolo\ 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop 
SearchScopes: HKLM - {A32C20F4-5BDA-451F-B1B0-39E078E8075B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd 
SearchScopes: HKCU - {A32C20F4-5BDA-451F-B1B0-39E078E8075B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd 
BootExecute: """autocheck autochk /p \??\F:"""ጔc䡡Ȳᜄጔ僈ڏ䝁Ȳ̈́ጠ""췩گ䎠ጱā>嵑ȧҰ85/2/2014 15:40;Freed 568 KB of temporary Windows clutterl䂀ȧ뇀ጷautocheck smrgdf C:\Users\Jim\AppData\Roaming\iolo\d͇峘ፘ嬸ፘ࡛iolobtdfg C:\Windows\system32e)Ұôhttp://www.iolo.com/redirect/process.aspx?pg=ebc8081a-99d5-46ee-b36d-9f97c647f6fe&p=55fd1d5a-7aef-4da3-8faf-a71b2a52ffc7&b=d9d8e8b3-5596-47f7-8970-14dd2d1f0b9b&appver=12.7.1.2&ak=magp9f4p7kjlj7b7332t&locale=en&lm=5&ls=2&doi=41638&bits=32&sg=001ty.tistics>></Statistics>
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

======================================

 

McAfee Removal Tool

There are times when an antivirus can interfere with network connectivity, and McAfee's Antivirus suite is one of the most common pieces of antivirus software to create this problem.

In order to test if this is the reason behind your lack of connectivity, you will need to remove McAfee from your system. We can re-install it later. In any event, please get ready any documentation and information you may have regarding your McAfee antivirus subscription.

Please download and run the McAfee Home Protection Removal Tool.

When the tool is finished, reboot your computer.

With your system unprotected, do not use this computer for web browsing if at all possible (other than to a site like google.com to test your Internet connection).

 

======================================

 

Lastly, please describe how you normally connect to the Internet.

 

ISP, modem(s) in your house, router(s), switch(es), etc., and how they are connected.  :)

 

This is called your "network topology".

 

======================================

 

What I'd like to see in your next post:  :thumbsup2:

  • Fixlist.txt
  • Confirmation that McAfee Antivirus has been removed from your computer.
  • Your network topology.

Edited by TheShooter93, 18 July 2014 - 09:02 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#7 3Jim3

Posted 20 July 2014 - 03:04 PM

Cody - When saving the Fixlist.txt file - should I save it with the encoding as ANSI, Unicode, UTF-8, or Unicode big endian?

I assume it should be Unicode or UTF-8 but I do not know for sure and I don't want to transfer and run the wrong encoding.

The answer to your 3rd question "Network topology" - I have access via PenTeleData Cable modem - Broadband. I have a Hard-wired cable from the Modem to the Desktop. I have disconnected my Netgear wireless N300 Wireless Router - WRN2000 v3, and am using the hardwire directly from the PenTeleData Modem to my desktop when running your tests and then taking the hardwire from my desktop and connecting it to my laptop to download the programs & communicate with you. Jim



#8 TheShooter93

Posted 20 July 2014 - 07:26 PM

Hello 3Jim3,

 

The default encoding is fine, no need to touch that.

 

==========

 

Were you able to remove McAfee?

 

==========

 

Thank you for the network topology. :)

 

Is there a reason you have disconnected your router?


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#9 3Jim3

Posted 21 July 2014 - 07:51 AM

Default encoding is ANSI - When I go to save the file as Fixlist.txt a pop-up warning states the text I copied and pasted to Notepad contains characters in Unicode format which will be lost if I save the file as an ANSI encoded text file. Should I save it with Unicode as the encoding, or just leave it with the default encoding as ANSI?

I disconnected my router just to remove equipment that was not needed to connect to broadband. Possibly 1 less cause of my inability to get the desktop to connect to broadband.

I wanted to run FRST with the Fixlist file before I removed McAfee - trying to do things in the order that you list. I have the McAfee removal tool ready to go. Jim



#10 TheShooter93

Posted 21 July 2014 - 11:26 AM

Hi 3Jim3,

 

Looking at the fix I created, it does have quite a bit of Unicode characters in it.

 

Sorry for the confusion, please encode it using Unicode and then run the fix using FRST. Hopefully it won't give you any more problems. :)

 

==================================

 

As for why you disconnected the router, that makes perfect sense and would eventually be something we would do to troubleshoot anyway.

 

I was just curious if there was something else you were aware of I was not. :)

 

==================================

 

Very good about running things in order and having the McAfee removal tool ready to go after the FRST Fix.


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
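The encoding question settled in the posts above comes down to whether every character of the fix file exists in the ANSI code page. The following is an added example, not part of the original thread or of FRST: it checks which characters an ANSI save would lose and confirms that Notepad's "Unicode" choice (UTF-16 little endian with a byte order mark) round-trips the text. It assumes that "ANSI" means Windows-1252, as on a US-English install, and models the loss as substitution with "?"; the sample lines are constructed and the function names are made up for this sketch.

```python
import codecs

# Notepad's "Save As" encoding choices mapped to (byte order mark, codec).
# Assumption: "ANSI" is Windows-1252, the code page of a US-English install.
NOTEPAD = {
    "ANSI": (b"", "cp1252"),
    "Unicode": (codecs.BOM_UTF16_LE, "utf-16-le"),
    "Unicode big endian": (codecs.BOM_UTF16_BE, "utf-16-be"),
    "UTF-8": (codecs.BOM_UTF8, "utf-8"),
}

# Constructed samples: one plain ASCII fix line, and one line that, like the
# BootExecute entry in the thread, carries characters outside Windows-1252.
ASCII_LINE = "C:\\Users\\Jim\\AppData\\Roaming\\iolo\\"
MIXED_LINE = "BootExecute: autocheck autochk /p \\??\\F:\u1314c\u4861"


def lost_in_ansi(text):
    """Characters that cannot be kept in an ANSI save, in order of first use."""
    lost = []
    for ch in text:
        try:
            ch.encode("cp1252")
        except UnicodeEncodeError:
            if ch not in lost:
                lost.append(ch)
    return lost


def notepad_save(text, choice):
    """Bytes written for the given encoding choice."""
    bom, codec = NOTEPAD[choice]
    # errors="replace" stands in for the character loss the warning describes.
    return bom + text.encode(codec, errors="replace")


def read_back(data):
    """Decode a saved file the way a BOM-aware reader would."""
    for name, (bom, codec) in NOTEPAD.items():
        if name != "ANSI" and data.startswith(bom):
            return data[len(bom):].decode(codec)
    return data.decode("cp1252", errors="replace")


def survives(text, choice):
    """True when saving and re-reading gives back exactly the same text."""
    return read_back(notepad_save(text, choice)) == text


def pick_encoding(text):
    """Keep the default unless it would alter the fix lines."""
    return "ANSI" if not lost_in_ansi(text) else "Unicode"


if __name__ == "__main__":
    for line in (ASCII_LINE, MIXED_LINE):
        print(pick_encoding(line), [hex(ord(c)) for c in lost_in_ansi(line)])
```

A fix line that no longer matches the stored registry value byte for byte may not be applied as intended, which is why the choice matters for the BootExecute entry and not for the plain path line.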

 

 


#11 3Jim3

Posted 21 July 2014 - 02:32 PM

OK, below is the FixLog from FRST

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by Jim at 2014-07-21 15:12:53 Run:1
Running from C:\Users\Jim\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Jim\AppData\Roaming\iolo\
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
SearchScopes: HKLM - {A32C20F4-5BDA-451F-B1B0-39E078E8075B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {A32C20F4-5BDA-451F-B1B0-39E078E8075B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BootExecute: """autocheck autochk /p \??\F:"""ጔc䡡Ȳᜄጔ僈ڏ䝁Ȳ̈́ጠ""췩گ䎠ጱā>嵑ȧҰ85/2/2014 15:40;Freed 568 KB of temporary Windows clutterl䂀ȧ뇀ጷautocheck smrgdf C:\Users\Jim\AppData\Roaming\iolo\d͇峘ፘ嬸ፘ࡛iolobtdfg C:\Windows\system32e)Ұôhttp://www.iolo.com/redirect/process.aspx?pg=ebc8081a-99d5-46ee-b36d-9f97c647f6fe&p=55fd1d5a-7aef-4da3-8faf-a71b2a52ffc7&b=d9d8e8b3-5596-47f7-8970-14dd2d1f0b9b&appver=12.7.1.2&ak=magp9f4p7kjlj7b7332t&locale=en&lm=5&ls=2&doi=41638&bits=32&sg=001ty.tistics>></Statistics>
*****************

C:\Users\Jim\AppData\Roaming\iolo => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A32C20F4-5BDA-451F-B1B0-39E078E8075B}' => Key deleted successfully.
'HKCR\CLSID\{A32C20F4-5BDA-451F-B1B0-39E078E8075B}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A32C20F4-5BDA-451F-B1B0-39E078E8075B}' => Key deleted successfully.
'HKCR\CLSID\{A32C20F4-5BDA-451F-B1B0-39E078E8075B}'=> Key not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.

==== End of Fixlog ====

 

McAfee suite removed from Desktop

 

Jim



#12 TheShooter93

Posted 22 July 2014 - 10:10 AM

After removing McAfee and running that FRST Fix, is there any improvement?

 

Are you able to connect to the Internet? Please try rebooting the system and checking your Internet access if you have not already done so.


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#13 3Jim3

Posted 22 July 2014 - 11:47 AM

Cody - rebooted the Desktop, connected cable to broadband modem. Desktop still does not recognize the broadband connection. Jim



#14 TheShooter93

Posted 23 July 2014 - 12:03 PM

Hello 3Jim3,

 

Sorry for the delay.

 

==========

 

MiniToolBox

 

Please download MiniToolBox, save it to your desktop and run it.

 

Checkmark the following checkboxes:

  • List IP configuration

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


Edited by TheShooter93, 23 July 2014 - 12:06 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#15 3Jim3

Posted 25 July 2014 - 05:42 PM

Cody - sorry for delay

 

MiniToolBox - checked List IP Config

 

Results -

 

MiniToolBox by Farbar  Version: 06-07-2014
Ran by Jim (administrator) on 25-07-2014 at 18:27:32
Running from "C:\Users\Jim\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================

 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Jim1-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
  1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

**** End of log ****

 

 

 

 





