
problem ROOT/HIKEY_SPLDR/0000



#1
marycon1

Computer only runs in safe mode, recover won't work, tried everything. Here are the OTL files. Thank you for your help.

OTL logfile created on: 5/29/2013 10:14:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MoM\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.22 Gb Available Physical Memory | 11.71% Memory free
3.71 Gb Paging File | 2.25 Gb Available in Paging File | 60.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 159.77 Gb Free Space | 57.17% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.13% Space Free | Partition Type: NTFS

Computer Name: DYLAN-HP | User Name: dylan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/29 22:13:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MoM\Downloads\OTL.com
PRC - [2013/05/29 22:12:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MoM\Desktop\OTL.scr
PRC - [2013/05/29 21:59:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MoM\Desktop\OTL.exe
PRC - [2013/05/29 21:57:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MoM\Downloads\OTL.exe
PRC - [2013/03/13 01:19:14 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 22:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 22:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 21:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 18:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/13 02:03:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/11 03:42:26 | 000,572,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/12 20:18:28 | 000,107,520 | ---- | M] () [Auto | Stopped] -- C:\Users\dylan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012/03/05 14:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/12/30 23:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/30 23:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/19 17:22:32 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2012/09/11 22:51:16 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/08/30 23:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/12 23:06:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/12 23:06:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/09 22:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/16 16:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011/04/05 00:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/05 03:16:00 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/15 14:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/30 23:46:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/13 21:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/11/30 16:45:27 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121130.002\ex64.sys -- (NAVEX15)
DRV - [2012/11/30 16:45:27 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121130.002\eng64.sys -- (NAVENG)
DRV - [2012/11/06 13:13:55 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/10/23 19:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20121106.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/28 13:33:38 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121129.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{B4A3D7CE-47C7-4D3D-83EF-54A42F2759D3}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=09-01-2013
&tb_mrud=09-01-2013

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{B4A3D7CE-47C7-4D3D-83EF-54A42F2759D3}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?...gusaolp00000044
IE - HKCU\..\URLSearchHook: {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {D944BB61-2E34-4DBF-A683-47E505C587DC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-sea...000a0b3ccc82513
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{323D63FC-5A3F-49A4-AB22-08E49E3DFA56}: "URL" = http://us.yhs4.searc...p={searchTerms}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.ipl...q={searchTerms}
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=09-01-2013
&tb_mrud=09-01-2013

IE - HKCU\..\SearchScopes\{B4A3D7CE-47C7-4D3D-83EF-54A42F2759D3}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2012/12/11 19:24:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2012/12/11 19:24:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 19:03:48 | 000,000,000 | ---D | M]

[2013/05/29 21:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/29 21:11:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/29 21:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/05/29 21:11:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/12 22:48:12 | 000,002,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bingober7835275.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.claro-sea...000a0b3ccc82513
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\dylan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: BitTorrentControl_v12 = C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.19.11_0\
CHR - Extension: We-Care.com Reminder = C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.34_0\
CHR - Extension: Software Assist = C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.23.181_0\crossrider
CHR - Extension: Software Assist = C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.23.181_0\
CHR - Extension: DefaultTab = C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\
CHR - Extension: Gmail = C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/03/04 18:11:56 | 000,444,833 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15276 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Software Assist) - {11111111-1111-1111-1111-110011301126} - C:\Program Files (x86)\Software Assist\Software Assist.dll (Software Assist)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\dylan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91BAC39F-780A-46A9-BE25-CC175C215DC2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~2\25986~1.67\{c16c1~1\browse~1.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d48326b2-fbca-11e1-8be6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d48326b2-fbca-11e1-8be6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/29 21:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/05/13 21:24:35 | 000,000,000 | ---D | C] -- C:\Users\dylan\AppData\Roaming\Windows Live Writer
[2013/05/13 21:24:35 | 000,000,000 | ---D | C] -- C:\Users\dylan\AppData\Local\Windows Live Writer
[2013/05/09 08:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2013/05/08 14:08:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/05/07 13:31:09 | 000,000,000 | ---D | C] -- C:\Windows\Temp9BA7E01F-CE05-05FC-6243-582339087120-Signatures
[2012/12/16 14:16:38 | 003,278,888 | ---- | C] (Yahoo! Inc.) -- C:\Users\dylan\AppData\Roaming\ytb_8.4.3.34_2.4.6_mail_bts_pub_uber_Rev_setup_2012.01.19.01.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/29 21:11:53 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/29 19:57:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/29 19:57:23 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/14 12:44:09 | 000,640,364 | ---- | M] () -- C:\Users\dylan\Desktop\administative repoert.zip
[2013/05/14 12:44:04 | 000,005,480 | ---- | M] () -- C:\Users\dylan\Desktop\widows application logs (2).zip
[2013/05/14 12:41:56 | 000,005,456 | ---- | M] () -- C:\Users\dylan\Desktop\windows log (4).zip
[2013/05/14 12:41:02 | 000,005,745 | ---- | M] () -- C:\Users\dylan\Desktop\windows system logs (2).zip
[2013/05/14 12:40:39 | 000,005,596 | ---- | M] () -- C:\Users\dylan\Desktop\windows security logs.zip
[2013/05/14 12:40:35 | 000,005,601 | ---- | M] () -- C:\Users\dylan\Desktop\windows system logs.zip
[2013/05/14 12:40:23 | 000,005,480 | ---- | M] () -- C:\Users\dylan\Desktop\widows application logs.zip
[2013/05/11 21:16:46 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordylan.job
[2013/05/08 14:02:17 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 14:02:17 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/04 08:13:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/04 08:12:55 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/05/04 08:12:55 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013/05/04 08:11:51 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/05/03 22:03:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/03 21:52:50 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/03 21:21:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2205873689-3631405970-2799378404-1000UA.job
[2013/05/03 20:30:06 | 000,000,000 | ---- | M] () -- C:\END
[2013/05/03 14:18:53 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/29 21:11:53 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/29 21:11:53 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/14 12:44:09 | 000,640,364 | ---- | C] () -- C:\Users\dylan\Desktop\administative repoert.zip
[2013/05/14 12:44:04 | 000,005,480 | ---- | C] () -- C:\Users\dylan\Desktop\widows application logs (2).zip
[2013/05/14 12:41:56 | 000,005,456 | ---- | C] () -- C:\Users\dylan\Desktop\windows log (4).zip
[2013/05/14 12:41:02 | 000,005,745 | ---- | C] () -- C:\Users\dylan\Desktop\windows system logs (2).zip
[2013/05/14 12:40:39 | 000,005,596 | ---- | C] () -- C:\Users\dylan\Desktop\windows security logs.zip
[2013/05/14 12:40:35 | 000,005,601 | ---- | C] () -- C:\Users\dylan\Desktop\windows system logs.zip
[2013/05/14 12:40:23 | 000,005,480 | ---- | C] () -- C:\Users\dylan\Desktop\widows application logs.zip
[2013/05/11 20:56:28 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFordylan.job
[2013/02/05 21:10:08 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL
[2013/02/05 20:57:50 | 000,000,228 | ---- | C] () -- C:\Windows\Sierra.ini
[2012/12/11 16:31:39 | 000,007,612 | ---- | C] () -- C:\Users\dylan\AppData\Local\Resmon.ResmonCfg
[2012/12/11 15:20:51 | 000,000,447 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/20 15:58:56 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/10/18 01:18:15 | 000,000,632 | RHS- | C] () -- C:\Users\dylan\ntuser.pol
[2012/09/23 16:37:41 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/05/21 13:24:36 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/06/09 22:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2013/05/07 13:28:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$69a6d8481e315f2361a8126a6657c4d7\L
[2013/05/07 13:28:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$69a6d8481e315f2361a8126a6657c4d7\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/08 18:09:27 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\BitTorrent
[2012/09/10 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\Blio
[2013/04/15 18:45:50 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\Curse Advertising
[2012/10/12 20:18:28 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\DefaultTab
[2012/09/10 19:13:44 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\Easy BitTorrent Client
[2012/09/12 00:13:33 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\Namco
[2012/10/02 14:57:13 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\Nico Mak Computing
[2012/12/16 14:17:29 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\Oberon Media
[2012/09/10 19:14:20 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\qBittorrent
[2012/09/30 20:05:13 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\Registry Mechanic
[2012/11/20 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\Strongvault

OTL logfile created on: 5/29/2013 10:00:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MoM\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 28.64% Memory free
3.71 Gb Paging File | 2.41 Gb Available in Paging File | 64.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 159.93 Gb Free Space | 57.23% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.13% Space Free | Partition Type: NTFS

Computer Name: DYLAN-HP | User Name: dylan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/29 21:59:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MoM\Desktop\OTL.exe
PRC - [2013/05/29 21:57:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MoM\Downloads\OTL.exe
PRC - [2013/05/11 18:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/03/13 01:19:14 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/11 18:26:24 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 22:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 22:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 21:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 18:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/13 02:03:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/11 03:42:26 | 000,572,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/12 20:18:28 | 000,107,520 | ---- | M] () [Auto | Stopped] -- C:\Users\dylan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012/03/05 14:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/12/30 23:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/30 23:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/19 17:22:32 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2012/09/11 22:51:16 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/08/30 23:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON)
D

OTL Extras logfile created on: 5/29/2013 10:00:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MoM\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 28.64% Memory free
3.71 Gb Paging File | 2.41 Gb Available in Paging File | 64.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 159.93 Gb Free Space | 57.23% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.13% Space Free | Partition Type: NTFS

Computer Name: DYLAN-HP | User Name: dylan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D5C5BC4-4B9B-4337-8147-F4F425E59DDB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3377F4F6-CA29-4C19-98D5-889E36C6B5E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{421F37BA-630E-4696-BE1C-8E307DDDDB6C}" = lport=137 | protocol=17 | dir=in | app=system |
"{4860F67A-C161-4735-AF29-11F2B5A81DF0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4A1F28C9-A086-4901-93B2-E0369E5AE867}" = lport=138 | protocol=17 | dir=in | app=system |
"{59BC4937-355F-4A43-B48B-F530905F7FA5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{730BDEEA-C475-4BF3-9448-CF8436D4E28D}" = rport=445 | protocol=6 | dir=out | app=system |
"{885188C0-7468-4C9A-8145-34D3B9C2262D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B97C794-5526-4D2C-A3D8-2F3A251E4F97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D0E015C7-5CB6-4BE8-8506-FD30196F0940}" = rport=138 | protocol=17 | dir=out | app=system |
"{D4CF4637-D7E3-4065-AF21-981F6E019559}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D87628A4-C7B6-4D03-A493-F2DA7A380868}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DA755ADE-5C06-4DA8-A035-36521BBDFCAD}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC57E6B0-B357-4EF2-89EC-04F8383B3672}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DF045EC1-F2BF-40BA-9980-1A6C650BF660}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E7C0BC07-7490-4C3B-8C10-7AE093189DBA}" = rport=137 | protocol=17 | dir=out | app=system |
"{E8282346-BD86-4767-9503-A8FCF46A6BE2}" = rport=2869 | protocol=6 | dir=out | app=system |
"{EA2F0363-E2FA-4519-A976-856F9DE79A7D}" = rport=139 | protocol=6 | dir=out | app=system |
"{EA46E830-971B-4022-8309-2232FCF87B7C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EF4A186B-C543-409C-872B-DD7818F3E6DA}" = lport=445 | protocol=6 | dir=in | app=system |
"{EF96FC83-209C-4258-91DA-3ED9EB78980E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FE26B48E-7481-4C94-A067-3BC7FAF14CCA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036447C4-E2D8-4C53-B549-DBB5D5BA9757}" = protocol=58 | dir=in | [email protected],-28545 |
"{0529D29D-0AD3-4757-87D4-66B32C4467D1}" = protocol=1 | dir=out | [email protected],-28544 |
"{107664AE-A940-47AC-B82A-B58F276435EA}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{13B617E8-D8C3-47EA-A180-AECAF9AA66FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C4C88D7-2163-4CB9-B45E-C6C9AA534965}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{1C6C39B2-A17A-458E-A9EF-A89805200DF5}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{3311F27B-5064-491D-B408-DEC71BB36413}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{333E703E-7CA8-4086-BF6A-3A57842685A8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{41B3D50A-ED76-4BD7-A3EB-8DB03E421DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{4B27628A-B353-4F17-B71F-EF7228A2ABEC}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{63DAC05A-00C9-4200-9577-84E7071FF09B}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{64255550-8DDF-454B-AC79-A98C1E34AB48}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{6DE08C11-45A4-41B0-B9DA-1C08678686E6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{7E4F11E5-66DA-409E-A357-EE50863FBC1E}" = protocol=1 | dir=in | [email protected],-28543 |
"{820A0471-1185-4C04-A85D-3F019FC77FF4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{88448607-701C-4DDE-ACD5-CADBDD3CB949}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{928490E1-125F-4134-87CC-65A0393D946B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{92B6ECAF-5E6C-4D46-BA42-3FAF89745FF4}" = protocol=58 | dir=out | [email protected],-28546 |
"{97CD5502-DB3A-4A7B-B34F-7E2B32D2578C}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{A195E31D-4259-4BE3-92EB-25F0A3DFC7C0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AD22252F-8ACB-4CC7-AA05-532D53CA04C7}" = protocol=58 | dir=in | [email protected],-148 |
"{AF13FE58-B85B-458A-9C47-C08814F6FC78}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{B03714FA-CC84-414B-8A3E-8E4772F87DD4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{B1DC04ED-DAE9-4AC0-83AD-2DDEC462C0A5}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{B64C2541-8AFE-4A13-9213-DFE8251EFDEC}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{BBC1E05C-1541-4847-8D87-DB7B4356ED82}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{BD3D72C4-4075-4AB4-9972-AFEE10464FC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CE2B7890-30EB-44D4-9C4B-D891A7F67E1F}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{D3574695-0EF1-40BC-B16B-BFEECB8E1625}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{D9B5F0F8-0171-41ED-B85E-A6E63395776F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E7072F34-F647-42FD-970C-3E06ADB5E653}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F97D2377-FFCB-4348-9A0D-429FFC3B8272}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"TCP Query User{2AE43068-A95A-497B-9D3E-87DC0FD3714C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{91EDDF66-E9E2-4697-8D15-A702C9AFE959}C:\program files (x86)\easy bittorrent client\easybittorrentclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\easy bittorrent client\easybittorrentclient.exe |
"TCP Query User{CE4A1CC8-B253-4011-99FB-3F56F1BE3B46}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{016C8824-EB19-478D-B1E7-7C1E2B78BCD7}C:\program files (x86)\easy bittorrent client\easybittorrentclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\easy bittorrent client\easybittorrentclient.exe |
"UDP Query User{1495124A-5E34-4768-9F7A-67CA7E3BCC47}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{AE21DC42-8E2A-484D-BDF0-1C7CDD5CB8CA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}" = CWA Reminder by We-Care.com v4.1.18.3
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AOL Toolbar" = AOL Toolbar
"BitTorrent" = BitTorrent
"DefaultTab" = DefaultTab
"DefaultTab Chrome" = DefaultTab Chrome
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"Easy BitTorrent Client" = Easy BitTorrent Client
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Software Assist" = Software Assist
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"Trophy Buck" = Field & Stream® Trophy Buck
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"AOL Toolbar" = AOL Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/3/2013 10:39:29 PM | Computer Name = dylan-HP | Source = WinMgmt | ID = 10
Description =

Error - 5/3/2013 10:39:34 PM | Computer Name = dylan-HP | Source = Application Error | ID = 1000
Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x511246e7 Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x511246e7 Exception code: 0xc0000005 Fault offset: 0x00002c60 Faulting
process id: 0x688 Faulting application start time: 0x01ce48709670c52e Faulting application
path: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Faulting module path:
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Report Id: da8302cb-b463-11e2-b6c8-a0b3ccc82513

Error - 5/3/2013 11:04:32 PM | Computer Name = dylan-HP | Source = WinMgmt | ID = 10
Description =

Error - 5/3/2013 11:04:38 PM | Computer Name = dylan-HP | Source = Application Error | ID = 1000
Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x511246e7 Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x511246e7 Exception code: 0xc0000005 Fault offset: 0x00002c60 Faulting
process id: 0x67c Faulting application start time: 0x01ce48741501206c Faulting application
path: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Faulting module path:
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Report Id: 5afdb981-b467-11e2-8705-a0b3ccc82513

Error - 5/3/2013 11:05:56 PM | Computer Name = dylan-HP | Source = Application Error | ID = 1000
Description = Faulting application name: FlashUtil64_11_6_602_180_ActiveX.exe, version:
11.6.602.180, time stamp: 0x5130146c Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x00000000000532d0
Faulting
process id: 0xcec Faulting application start time: 0x01ce48743c9fe7dc Faulting application
path: C:\Windows\System32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 893d683d-b467-11e2-8705-a0b3ccc82513

Error - 5/4/2013 8:11:46 AM | Computer Name = dylan-HP | Source = Application Error | ID = 1000
Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x511246e7 Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x511246e7 Exception code: 0xc0000005 Fault offset: 0x00002c60 Faulting
process id: 0x600 Faulting application start time: 0x01ce48c080fe9a62 Faulting application
path: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Faulting module path:
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Report Id: c9ca130a-b4b3-11e2-9456-a0b3ccc82513

Error - 5/4/2013 8:11:49 AM | Computer Name = dylan-HP | Source = WinMgmt | ID = 10
Description =

Error - 5/4/2013 8:16:13 AM | Computer Name = dylan-HP | Source = MsiInstaller | ID = 10005
Description =

Error - 5/4/2013 8:16:24 AM | Computer Name = dylan-HP | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF86 Description:Cannot complete the Security Essentials
Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing.
The previous version of Security Essentials was restored. Error code:0x8004FF86.

Error - 5/4/2013 11:01:52 AM | Computer Name = dylan-HP | Source = WinMgmt | ID = 10
Description =

Error - 5/4/2013 11:01:55 AM | Computer Name = dylan-HP | Source = Application Error | ID = 1000
Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x511246e7 Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x511246e7 Exception code: 0xc0000005 Fault offset: 0x00002c60 Faulting
process id: 0x688 Faulting application start time: 0x01ce48d84d3da586 Faulting application
path: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Faulting module path:
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Report Id: 8f35ec25-b4cb-11e2-bb5e-a0b3ccc82513

[ Hewlett-Packard Events ]
Error - 11/2/2012 11:46:47 PM | Computer Name = dylan-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/2/2012 11:47:25 PM | Computer Name = dylan-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/2/2012 11:47:26 PM | Computer Name = dylan-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/2/2012 11:11:41 PM | Computer Name = dylan-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/4/2012 5:37:15 PM | Computer Name = dylan-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/6/2012 1:47:43 PM | Computer Name = dylan-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/6/2012 1:47:43 PM | Computer Name = dylan-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/6/2012 1:47:55 PM | Computer Name = dylan-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/11/2012 6:09:47 PM | Computer Name = dylan-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 1899 Ram Utilization:
90 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 12/11/2012 6:37:17 PM | Computer Name = dylan-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 10/3/2012 10:50:31 PM | Computer Name = dylan-HP | Source = CaslWmi | ID = 5
Description = 2012/10/03 21:50:31.210|000000F8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/3/2012 10:56:13 PM | Computer Name = dylan-HP | Source = CaslWmi | ID = 5
Description = 2012/10/03 21:56:13.206|000015F4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/3/2012 10:56:23 PM | Computer Name = dylan-HP | Source = CaslWmi | ID = 5
Description = 2012/10/03 21:56:23.892|00001620|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/10/2012 10:45:02 PM | Computer Name = dylan-HP | Source = CaslWmi | ID = 5
Description = 2012/10/10 21:45:02.076|00000E74|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/31/2012 10:10:30 PM | Computer Name = dylan-HP | Source = CaslWmi | ID = 5
Description = 2012/10/31 21:10:30.330|000010F0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/31/2012 10:17:28 PM | Computer Name = dylan-HP | Source = CaslWmi | ID = 5
Description = 2012/10/31 21:17:28.481|0000098C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/6/2012 1:44:34 PM | Computer Name = dylan-HP | Source = CaslWmi | ID = 5
Description = 2012/12/06 12:44:34.319|00001434|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/6/2012 1:47:20 PM | Computer Name = dylan-HP | Source = CaslWmi | ID = 5
Description = 2012/12/06 12:47:20.453|0000132C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/6/2012 1:47:32 PM | Computer Name = dylan-HP | Source = CaslWmi | ID = 5
Description = 2012/12/06 12:47:32.704|00000C1C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/20/2013 1:03:37 PM | Computer Name = dylan-HP | Source = hpqWmiEx | ID = 5
Description = 2013/01/20 12:03:37.146|00001094|Error |ChpqWmiExModule::Start|The
hpqwmiex service failed to start (1063). A system restart may correct this problem.

[ Media Center Events ]
Error - 2/12/2013 7:03:17 PM | Computer Name = dylan-HP | Source = MCUpdate | ID = 0
Description = 6:03:07 PM - Error connecting to the internet. 6:03:07 PM - Unable
to contact server..

Error - 4/28/2013 7:09:49 PM | Computer Name = dylan-HP | Source = MCUpdate | ID = 0
Description = 7:09:48 PM - Error connecting to the internet. 7:09:48 PM - Unable
to contact server..

Error - 4/28/2013 7:10:04 PM | Computer Name = dylan-HP | Source = MCUpdate | ID = 0
Description = 7:09:54 PM - Error connecting to the internet. 7:09:54 PM - Unable
to contact server..

Error - 4/29/2013 2:48:39 PM | Computer Name = dylan-HP | Source = MCUpdate | ID = 0
Description = 2:48:38 PM - Error connecting to the internet. 2:48:38 PM - Unable
to contact server..

Error - 4/29/2013 2:48:52 PM | Computer Name = dylan-HP | Source = MCUpdate | ID = 0
Description = 2:48:44 PM - Error connecting to the internet. 2:48:44 PM - Unable
to contact server..

Error - 5/4/2013 8:17:45 AM | Computer Name = dylan-HP | Source = MCUpdate | ID = 0
Description = 8:17:29 AM - Error connecting to the internet. 8:17:29 AM - Unable
to contact server..

Error - 5/8/2013 12:44:32 PM | Computer Name = dylan-HP | Source = MCUpdate | ID = 0
Description = 12:44:20 PM - Error connecting to the internet. 12:44:20 PM - Unable
to contact server..

Error - 5/8/2013 1:45:49 PM | Computer Name = dylan-HP | Source = MCUpdate | ID = 0
Description = 1:45:36 PM - Error connecting to the internet. 1:45:36 PM - Unable
to contact server..

Error - 5/8/2013 2:47:12 PM | Computer Name = dylan-HP | Source = MCUpdate | ID = 0
Description = 2:47:01 PM - Error connecting to the internet. 2:47:02 PM - Unable
to contact server..

Error - 5/8/2013 3:48:33 PM | Computer Name = dylan-HP | Source = MCUpdate | ID = 0
Description = 3:48:22 PM - Error connecting to the internet. 3:48:22 PM - Unable
to contact server..

[ System Events ]
Error - 5/29/2013 10:01:33 PM | Computer Name = dylan-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/29/2013 10:01:33 PM | Computer Name = dylan-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/29/2013 10:06:33 PM | Computer Name = dylan-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/29/2013 10:06:33 PM | Computer Name = dylan-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/29/2013 10:08:41 PM | Computer Name = dylan-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/29/2013 10:08:41 PM | Computer Name = dylan-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/29/2013 10:13:41 PM | Computer Name = dylan-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/29/2013 10:13:41 PM | Computer Name = dylan-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/29/2013 10:15:47 PM | Computer Name = dylan-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Hope I did not send all the same files. I also hope I was supposed to do that.
[2012/09/10 18:49:31 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\Synaptics
[2013/02/12 19:12:06 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\WildTangent
[2013/05/13 21:24:35 | 000,000,000 | ---D | M] -- C:\Users\dylan\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

#2
JSntgRvr

  • Global Moderator
  • 11,579 posts
:welcome:

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O20 - AppInit_DLLs: (c:\progra~3\browse~2\25986~1.67\{c16c1~1\browse~1.dll) - File not found
    O20 - AppInit_DLLs: (c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - File not found

    :Files
    C:\$Recycle.Bin\S-1-5-18\$69a6d8481e315f2361a8126a6657c4d7

    :Commands
    [EMPTYTEMP]
    [EMPTYJAVA]
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Boot in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


#3
marycon1

  • Topic Starter
  • Member
  • 13 posts
I do believe this is the reply from OTL

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~2\25986~1.67\{c16c1~1\browse~1.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll deleted successfully.
========== FILES ==========
File\Folder C:\$Recycle.Bin\S-1-5-18\$69a6d8481e315f2361a8126a6657c4d7 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dylan
->Temp folder emptied: 4796928 bytes
->Temporary Internet Files folder emptied: 351035 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: mike
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MoM
->Temp folder emptied: 248832 bytes
->Temporary Internet Files folder emptied: 6910393 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83464 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: dylan
->Java cache emptied: 0 bytes

User: Guest
->Java cache emptied: 0 bytes

User: mike
->Java cache emptied: 0 bytes

User: MoM
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05302013_185630

Files\Folders moved on Reboot...
File move failed. C:\Users\MoM\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File\Folder C:\Users\MoM\AppData\Local\Temp\~DF0A8043E6057BB6D1.TMP not found!
File\Folder C:\Users\MoM\AppData\Local\Temp\~DF0D6616C432E69ACF.TMP not found!
File\Folder C:\Users\MoM\AppData\Local\Temp\~DF0FD2F2721C9E51B5.TMP not found!
File\Folder C:\Users\MoM\AppData\Local\Temp\~DF2D97DF199B0D9F3D.TMP not found!
File\Folder C:\Users\MoM\AppData\Local\Temp\~DF35516AB28E71F7C8.TMP not found!
File\Folder C:\Users\MoM\AppData\Local\Temp\~DF40182C0B70AAD3CC.TMP not found!
File\Folder C:\Users\MoM\AppData\Local\Temp\~DF51B015FB164DE38B.TMP not found!
File\Folder C:\Users\MoM\AppData\Local\Temp\~DF5A740BF8F263E49A.TMP not found!
File\Folder C:\Users\MoM\AppData\Local\Temp\~DFB29FE1F632E4DED3.TMP not found!
File\Folder C:\Users\MoM\AppData\Local\Temp\~DFC99DD2494F14D824.TMP not found!
File\Folder C:\Users\MoM\AppData\Local\Temp\~DFD2142F73E8687951.TMP not found!
File\Folder C:\Users\MoM\AppData\Local\Temp\~DFEE063F23E0E753DC.TMP not found!
C:\Users\MoM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ML0KDRGK\weatherRefresh[1].htm moved successfully.
C:\Users\MoM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ML0KDRGK\ygm[1].mp3 moved successfully.
C:\Users\MoM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Conten

#4
JSntgRvr

  • Global Moderator
  • 11,579 posts

Boot in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


We still need the FRST log.

#5
marycon1

  • Topic Starter
  • Member
  • 13 posts
05-2013 01
Ran by MoM at 2013-05-31 18:16:37 Run:
Running from C:\Users\MoM\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader X (10.1.6) MUI (Version: 10.1.6)
Adobe Shockwave Player 11.6 (Version: 11.6.7.637)
AOL Toolbar
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compaq Setup Manager (Version: 1.1.13476.3753)
CWA Reminder by We-Care.com v4.1.18.3 (Version: 4.1.18.3)
D3DX10 (Version: 15.4.2368.0902)
DefaultTab (Version: 1.2.8.0)
DefaultTab Chrome (Version: 1.1.14)
DirectX Media Runtime 5.1
Download Updater (AOL Inc.)
Easy BitTorrent Client
ESU for Microsoft Windows 7 SP1 (Version: 2.1.1)
Field & Stream® Trophy Buck
Fraps
Free Opener (Version: 1.4)
Google Chrome (Version: 26.0.1410.64)
Google Update Helper (Version: 1.3.21.135)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Launch Box (Version: 1.0.11)
HP On Screen Display (Version: 1.3.5)
HP Power Manager (Version: 1.4.8)
HP Quick Launch (Version: 2.7.2)
HP QuickWeb (Version: 3.1.0.9742)
HP Setup (Version: 8.7.4751.3798)
HP Software Framework (Version: 4.1.13.1)
HP Support Assistant (Version: 7.0.39.15)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2353)
J2SE Runtime Environment 5.0 (Version: 1.5.0)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Netflix in Windows Media Center (Version: 3.3.101.0)
Norton Internet Security (Version: 19.9.0.9)
PlayReady PC Runtime x86 (Version: 1.3.0)
Realtek Ethernet Controller Driver (Version: 7.42.304.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6287)
Realtek PCIE Card Reader (Version: 6.1.7600.77)
REALTEK Wireless LAN Driver (Version: 1.00.11.0706)
Recovery Manager (Version: 2.0.0)
Software Assist (Version: 1.20.150.150)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.11.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Ventrilo Client (Version: 3.0.8)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Software Update

==================== Restore Points =========================


==================== Hosts content: ==========================


There are more than 1000 lines starting with "127.0.0.1"


==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2013 05:35:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2013 05:32:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2013 05:22:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 07:59:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 07:00:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 06:45:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 01:07:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 00:24:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 00:20:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 11:58:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/31/2013 06:12:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/31/2013 06:12:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/31/2013 06:10:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/31/2013 06:10:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/31/2013 06:05:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/31/2013 06:05:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/31/2013 06:04:25 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.

New Engine Version:

Previous Engine Version: 2.1.9402.0

Engine Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Error Code: %NT AUTHORITY601

Error description: %NT AUTHORITY602

Error: (05/31/2013 06:04:25 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 101.4.0.0

Update Source: %NT AUTHORITY15

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/31/2013 06:04:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.149.1856.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/31/2013 06:04:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.149.1856.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (05/31/2013 05:35:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2013 05:32:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2013 05:22:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 07:59:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 07:00:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 06:45:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 01:07:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 00:24:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 00:20:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 11:58:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 90%
Total physical RAM: 1899.86 MB
Available physical RAM: 188.83 MB
Total Pagefile: 3799.72 MB
Available Pagefile: 1921.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.47 GB) (Free:208.5 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01
Ran by MoM (ATTENTION: The logged in user is not administrator) on 31-05-2013 18:14:48
Running from C:\Users\MoM\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
Attention: System hive is missing.


==================== Processes (Whitelisted) =================

(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe

==================== Registry (Whitelisted) ==================

Attention: Software hive is missing.

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [5365592 2009-01-26] (Safer Networking Limited)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex [706776 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [5365592 2009-01-26] (Safer Networking Limited)
HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {B4A3D7CE-47C7-4D3D-83EF-54A42F2759D3} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect..._oid=09-01-2013
&tb_mrud=09-01-2013

SearchScopes: HKLM-x32 - {B4A3D7CE-47C7-4D3D-83EF-54A42F2759D3} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKCU - {B4A3D7CE-47C7-4D3D-83EF-54A42F2759D3} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: Software Assist - {11111111-1111-1111-1111-110011301126} - C:\Program Files (x86)\Software Assist\Software Assist.dll (Software Assist)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\dylan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
PDF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab
PDF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\MoM\AppData\Roaming\Mozilla\Firefox\Profiles\b85huxpx.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\MoM\AppData\Roaming\Mozilla\Firefox\Profiles\b85huxpx.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (We-Care.com Reminder) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.34_0
CHR Extension: (DefaultTab) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0
CHR Extension: (Gmail) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [572928 2013-02-11] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll [309688 2012-04-12] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 DefaultTabUpdate; "C:\Users\dylan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" [x]

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-11-06] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121129.001\IDSvia64.sys [513184 2012-09-28] (Symantec Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121130.002\ENG64.SYS [126112 2012-11-30] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121130.002\EX64.SYS [2084000 2012-11-30] (Symantec Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-09-11] (Symantec Corporation)
S1 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1309000.009\ccSetx64.sys [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
S3 SRTSP; \SystemRoot\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS [x]
S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS [x]
R0 SymDS; system32\drivers\NISx64\1309000.009\SYMDS64.SYS [x]
R0 SymEFA; system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [x]
S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1309000.009\Ironx64.SYS [x]
S1 SymNetS; \SystemRoot\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-31 18:14 - 2013-05-31 18:14 - 00000000 ____D C:\FRST
2013-05-31 18:13 - 2013-05-31 18:14 - 01915980 ____A (Farbar) C:\Users\MoM\Desktop\FRST64.exe
2013-05-31 18:12 - 2013-05-31 18:12 - 01915980 ____A (Farbar) C:\Users\MoM\Downloads\FRST64.exe
2013-05-30 18:56 - 2013-05-30 18:56 - 00000000 ____D C:\_OTL
2013-05-30 11:15 - 2013-05-30 11:15 - 00000000 ____D C:\Users\MoM\Desktop\New folder
2013-05-29 21:11 - 2013-05-29 22:00 - 00000000 ____D C:\Users\MoM\AppData\Roaming\Mozilla
2013-05-29 21:11 - 2013-05-29 21:11 - 00000000 ____D C:\Users\MoM\AppData\Local\Mozilla
2013-05-11 20:56 - 2013-05-11 21:16 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleFordylan.job
2013-05-09 08:39 - 2013-05-09 08:39 - 00000000 ____D C:\Program Files\Microsoft Games
2013-05-08 14:08 - 2013-05-08 18:08 - 00000000 ____D C:\Windows\pss
2013-05-07 13:31 - 2013-05-08 18:05 - 00000000 ____D C:\Windows\Temp9BA7E01F-CE05-05FC-6243-582339087120-Signatures
2013-05-03 23:06 - 2013-05-03 23:06 - 00000000 ____D C:\Users\MoM\AppData\Local\CrashDumps
2013-05-03 22:39 - 2013-05-04 08:11 - 00000168 ____A C:\Windows\setupact.log
2013-05-03 22:39 - 2013-05-03 22:39 - 00000000 ____A C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2013-05-31 18:14 - 2013-05-31 18:14 - 00000000 ____D C:\FRST
2013-05-31 18:14 - 2013-05-31 18:13 - 01915980 ____A (Farbar) C:\Users\MoM\Desktop\FRST64.exe
2013-05-31 18:12 - 2013-05-31 18:12 - 01915980 ____A (Farbar) C:\Users\MoM\Downloads\FRST64.exe
2013-05-31 18:04 - 2012-05-21 13:22 - 01401169 ____A C:\Windows\WindowsUpdate.log
2013-05-30 19:57 - 2010-11-20 23:47 - 00036686 ____A C:\Windows\PFRO.log
2013-05-30 19:47 - 2012-09-10 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-30 18:56 - 2013-05-30 18:56 - 00000000 ____D C:\_OTL
2013-05-30 11:15 - 2013-05-30 11:15 - 00000000 ____D C:\Users\MoM\Desktop\New folder
2013-05-29 22:00 - 2013-05-29 21:11 - 00000000 ____D C:\Users\MoM\AppData\Roaming\Mozilla
2013-05-29 21:11 - 2013-05-29 21:11 - 00000000 ____D C:\Users\MoM\AppData\Local\Mozilla
2013-05-23 22:11 - 2012-11-21 14:04 - 00000000 ____D C:\Windows\Minidump
2013-05-11 21:16 - 2013-05-11 20:56 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleFordylan.job
2013-05-09 08:39 - 2013-05-09 08:39 - 00000000 ____D C:\Program Files\Microsoft Games
2013-05-08 18:21 - 2012-09-10 18:41 - 00000000 ____D C:\users\dylan
2013-05-08 18:19 - 2012-10-31 12:21 - 00000000 ____D C:\users\MoM
2013-05-08 18:10 - 2012-11-02 02:32 - 00000000 ____D C:\users\mike
2013-05-08 18:10 - 2012-10-27 10:21 - 00000000 ____D C:\users\Guest
2013-05-08 18:10 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-05-08 18:09 - 2012-12-11 16:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-08 18:09 - 2012-12-11 16:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-05-08 18:09 - 2012-09-10 19:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-08 18:08 - 2013-05-08 14:08 - 00000000 ____D C:\Windows\pss
2013-05-08 18:05 - 2013-05-07 13:31 - 00000000 ____D C:\Windows\Temp9BA7E01F-CE05-05FC-6243-582339087120-Signatures
2013-05-08 18:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-05-08 14:02 - 2009-07-14 00:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-08 14:02 - 2009-07-14 00:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-04 08:13 - 2012-09-14 23:17 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-04 08:12 - 2012-12-18 20:00 - 00000284 ____A C:\Windows\Tasks\RMAutoUpdate.job
2013-05-04 08:12 - 2012-11-20 15:59 - 00000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-05-04 08:11 - 2013-05-03 22:39 - 00000168 ____A C:\Windows\setupact.log
2013-05-04 08:11 - 2012-09-22 20:05 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-05-04 08:11 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-03 23:10 - 2011-07-12 23:37 - 00000000 ____D C:\ProgramData\Adobe
2013-05-03 23:06 - 2013-05-03 23:06 - 00000000 ____D C:\Users\MoM\AppData\Local\CrashDumps
2013-05-03 22:39 - 2013-05-03 22:39 - 00000000 ____A C:\Windows\setuperr.log
2013-05-03 22:38 - 2012-11-08 21:37 - 00000000 ____D C:\Program Files\Google
2013-05-03 22:38 - 2012-09-14 23:16 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-03 22:03 - 2012-09-14 23:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-03 21:58 - 2012-09-10 20:17 - 00000000 ____D C:\ProgramData\Skype
2013-05-03 21:52 - 2012-09-14 23:17 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-03 21:21 - 2012-09-10 20:36 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2205873689-3631405970-2799378404-1000UA.job
2013-05-03 20:30 - 2013-04-22 20:36 - 00000000 ____A C:\END
2013-05-03 14:18 - 2012-12-11 20:41 - 00002113 ____A C:\Windows\epplauncher.mif
2013-05-02 11:29 - 2010-11-20 23:27 - 00278800 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================

I do believe these are the logs that were requested.

#6
JSntgRvr

  • Global Moderator
  • 11,579 posts
Part of the registry is missing. Did you attempt to remove The Microsoft Security Client and Defender folder?

Run FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

software;system

It then should look like:

Search: software;system

Click the Search button and post the log (Search.txt) it makes on the desktop in your next reply.

#7
JSntgRvr

  • Global Moderator
  • 11,579 posts
Also, let's try to run this fix, although you are not running in Normal Mode.

Download the enclosed file. [attachment=64882:fixlist.txt]

Save it next to FRST. Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the desktop (Fixlog.txt). Please post it to your reply.

#8
marycon1

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
This is the report I received after running FRST on OTL fix it scan. Thank you again.

Error: Unable to interpret <Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01> in the current context!
Error: Unable to interpret <Ran by MoM (ATTENTION: The logged in user is not administrator) on 31-05-2013 18:14:48> in the current context!
Error: Unable to interpret <Running from C:\Users\MoM\Desktop> in the current context!
Error: Unable to interpret <Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)> in the current context!
Error: Unable to interpret <Internet Explorer Version 9> in the current context!
Error: Unable to interpret <Boot Mode: Safe Mode (with Networking)> in the current context!
Error: Unable to interpret <Attention: System hive is missing.> in the current context!
Error: Unable to interpret <==================== Processes (Whitelisted) =================> in the current context!
Error: Unable to interpret <(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe> in the current context!
Error: Unable to interpret <(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe> in the current context!
Error: Unable to interpret <(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe> in the current context!
Error: Unable to interpret <(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe> in the current context!
Error: Unable to interpret <==================== Registry (Whitelisted) ==================> in the current context!
Error: Unable to interpret <Attention: Software hive is missing.> in the current context!
Error: Unable to interpret <HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)> in the current context!
Error: Unable to interpret <HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)> in the current context!
Error: Unable to interpret <HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <HKLM-x32\...\RunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [5365592 2009-01-26] (Safer Networking Limited)> in the current context!
Error: Unable to interpret <HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]> in the current context!
Error: Unable to interpret <HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex [706776 2013-03-13] (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <HKLM-x32\...\RunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [5365592 2009-01-26] (Safer Networking Limited)> in the current context!
Error: Unable to interpret <HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [168504 2011-06-28] (Hewlett-Packard Company)> in the current context!
Error: Unable to interpret <HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [38112 2012-12-18] (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)> in the current context!
Error: Unable to interpret <HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)> in the current context!
Error: Unable to interpret <HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <==================== Internet (Whitelisted) ====================> in the current context!
Error: Unable to interpret <HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1> in the current context!
Error: Unable to interpret <HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1> in the current context!
Error: Unable to interpret <HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1> in the current context!
Error: Unable to interpret <HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1> in the current context!
Error: Unable to interpret <HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1> in the current context!
Error: Unable to interpret <SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...l=dis&o=HPNTDF> in the current context!
Error: Unable to interpret <SearchScopes: HKLM - {B4A3D7CE-47C7-4D3D-83EF-54A42F2759D3} URL = http://www.amazon.co...={searchTerms}> in the current context!
Error: Unable to interpret <SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....sg&type=HPNTDF> in the current context!
Error: Unable to interpret <SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....={searchTerms}> in the current context!
Error: Unable to interpret <SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...={searchTerms}> in the current context!
Error: Unable to interpret <SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...l=dis&o=HPNTDF> in the current context!
Error: Unable to interpret <SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...oid=09-01-2013> in the current context!
Error: Unable to interpret <&tb_mrud=09-01-2013> in the current context!
Error: Unable to interpret <SearchScopes: HKLM-x32 - {B4A3D7CE-47C7-4D3D-83EF-54A42F2759D3} URL = http://www.amazon.co...={searchTerms}> in the current context!
Error: Unable to interpret <SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....sg&type=HPNTDF> in the current context!
Error: Unable to interpret <SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....={searchTerms}> in the current context!
Error: Unable to interpret <SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...={searchTerms}> in the current context!
Error: Unable to interpret <SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...l=dis&o=HPNTDF> in the current context!
Error: Unable to interpret <SearchScopes: HKCU - {B4A3D7CE-47C7-4D3D-83EF-54A42F2759D3} URL = http://www.amazon.co...={searchTerms}> in the current context!
Error: Unable to interpret <SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....sg&type=HPNTDF> in the current context!
Error: Unable to interpret <SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....={searchTerms}> in the current context!
Error: Unable to interpret <SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...={searchTerms}> in the current context!
Error: Unable to interpret <BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)> in the current context!
Error: Unable to interpret <BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File> in the current context!
Error: Unable to interpret <BHO-x32: Software Assist - {11111111-1111-1111-1111-110011301126} - C:\Program Files (x86)\Software Assist\Software Assist.dll (Software Assist)> in the current context!
Error: Unable to interpret <BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <BHO-x32: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)> in the current context!
Error: Unable to interpret <BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)> in the current context!
Error: Unable to interpret <BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)> in the current context!
Error: Unable to interpret <BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)> in the current context!
Error: Unable to interpret <BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\dylan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File> in the current context!
Error: Unable to interpret <BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)> in the current context!
Error: Unable to interpret <BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)> in the current context!
Error: Unable to interpret <BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)> in the current context!
Error: Unable to interpret <Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)> in the current context!
Error: Unable to interpret <Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)> in the current context!
Error: Unable to interpret <Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File> in the current context!
Error: Unable to interpret <PDF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...ndows-i586.cab> in the current context!
Error: Unable to interpret <PDF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...loader_v10.cab> in the current context!
Error: Unable to interpret <Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt> in the current context!
Error: Unable to interpret <Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76> in the current context!
Error: Unable to interpret <FireFox:> in the current context!
Error: Unable to interpret <========> in the current context!
Error: Unable to interpret <FF ProfilePath: C:\Users\MoM\AppData\Roaming\Mozilla\Firefox\Profiles\b85huxpx.default> in the current context!
Error: Unable to interpret <FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()> in the current context!
Error: Unable to interpret <FF Plugin: @microsoft.com/GENUINE - disabled No File> in the current context!
Error: Unable to interpret <FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()> in the current context!
Error: Unable to interpret <FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)> in the current context!
Error: Unable to interpret <FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <FF Plugin-x32: @microsoft.com/GENUINE - disabled No File> in the current context!
Error: Unable to interpret <FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )> in the current context!
Error: Unable to interpret <FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)> in the current context!
Error: Unable to interpret <FF Extension: Yahoo! Toolbar - C:\Users\MoM\AppData\Roaming\Mozilla\Firefox\Profiles\b85huxpx.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}> in the current context!
Error: Unable to interpret <Chrome: > in the current context!
Error: Unable to interpret <=======> in the current context!
Error: Unable to interpret <CHR HomePage: hxxp://www.google.com/> in the current context!
Error: Unable to interpret <CHR RestoreOnStartup: "hxxp://www.google.com/"> in the current context!
Error: Unable to interpret <CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}> in the current context!
Error: Unable to interpret <CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}> in the current context!
Error: Unable to interpret <CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()> in the current context!
Error: Unable to interpret <CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer> in the current context!
Error: Unable to interpret <CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()> in the current context!
Error: Unable to interpret <CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()> in the current context!
Error: Unable to interpret <CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)> in the current context!
Error: Unable to interpret <CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )> in the current context!
Error: Unable to interpret <CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)> in the current context!
Error: Unable to interpret <CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File> in the current context!
Error: Unable to interpret <CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File> in the current context!
Error: Unable to interpret <CHR Extension: (Google Docs) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0> in the current context!
Error: Unable to interpret <CHR Extension: (Google Drive) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0> in the current context!
Error: Unable to interpret <CHR Extension: (YouTube) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0> in the current context!
Error: Unable to interpret <CHR Extension: (Google Search) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0> in the current context!
Error: Unable to interpret <CHR Extension: (We-Care.com Reminder) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.34_0> in the current context!
Error: Unable to interpret <CHR Extension: (DefaultTab) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0> in the current context!
Error: Unable to interpret <CHR Extension: (Gmail) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0> in the current context!
Error: Unable to interpret <==================== Services (Whitelisted) =================> in the current context!
Error: Unable to interpret <S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [572928 2013-02-11] ()> in the current context!
Error: Unable to interpret <R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll [309688 2012-04-12] (Symantec Corporation)> in the current context!
Error: Unable to interpret <S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)> in the current context!
Error: Unable to interpret <S2 DefaultTabUpdate; "C:\Users\dylan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" [x]> in the current context!
Error: Unable to interpret <==================== Drivers (Whitelisted) ====================> in the current context!
Error: Unable to interpret <S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)> in the current context!
Error: Unable to interpret <S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-11-06] (Symantec Corporation)> in the current context!
Error: Unable to interpret <S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121129.001\IDSvia64.sys [513184 2012-09-28] (Symantec Corporation)> in the current context!
Error: Unable to interpret <S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121130.002\ENG64.SYS [126112 2012-11-30] (Symantec Corporation)> in the current context!
Error: Unable to interpret <S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121130.002\EX64.SYS [2084000 2012-11-30] (Symantec Corporation)> in the current context!
Error: Unable to interpret <S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-09-11] (Symantec Corporation)> in the current context!
Error: Unable to interpret <S1 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1309000.009\ccSetx64.sys [x]> in the current context!
Error: Unable to interpret <S3 clwvd; system32\DRIVERS\clwvd.sys [x]> in the current context!
Error: Unable to interpret <S3 SRTSP; \SystemRoot\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS [x]> in the current context!
Error: Unable to interpret <S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS [x]> in the current context!
Error: Unable to interpret <R0 SymDS; system32\drivers\NISx64\1309000.009\SYMDS64.SYS [x]> in the current context!
Error: Unable to interpret <R0 SymEFA; system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [x]> in the current context!
Error: Unable to interpret <S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1309000.009\Ironx64.SYS [x]> in the current context!
Error: Unable to interpret <S1 SymNetS; \SystemRoot\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [x]> in the current context!
Error: Unable to interpret <==================== NetSvcs (Whitelisted) ===================> in the current context!
Error: Unable to interpret <==================== One Month Created Files and Folders ========> in the current context!
Error: Unable to interpret <2013-05-31 18:14 - 2013-05-31 18:14 - 00000000 ____D C:\FRST> in the current context!
Error: Unable to interpret <2013-05-31 18:13 - 2013-05-31 18:14 - 01915980 ____A (Farbar) C:\Users\MoM\Desktop\FRST64.exe> in the current context!
Error: Unable to interpret <2013-05-31 18:12 - 2013-05-31 18:12 - 01915980 ____A (Farbar) C:\Users\MoM\Downloads\FRST64.exe> in the current context!
Error: Unable to interpret <2013-05-30 18:56 - 2013-05-30 18:56 - 00000000 ____D C:\_OTL> in the current context!
Error: Unable to interpret <2013-05-30 11:15 - 2013-05-30 11:15 - 00000000 ____D C:\Users\MoM\Desktop\New folder> in the current context!
Error: Unable to interpret <2013-05-29 21:11 - 2013-05-29 22:00 - 00000000 ____D C:\Users\MoM\AppData\Roaming\Mozilla> in the current context!
Error: Unable to interpret <2013-05-29 21:11 - 2013-05-29 21:11 - 00000000 ____D C:\Users\MoM\AppData\Local\Mozilla> in the current context!
Error: Unable to interpret <2013-05-11 20:56 - 2013-05-11 21:16 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleFordylan.job> in the current context!
Error: Unable to interpret <2013-05-09 08:39 - 2013-05-09 08:39 - 00000000 ____D C:\Program Files\Microsoft Games> in the current context!
Error: Unable to interpret <2013-05-08 14:08 - 2013-05-08 18:08 - 00000000 ____D C:\Windows\pss> in the current context!
Error: Unable to interpret <2013-05-07 13:31 - 2013-05-08 18:05 - 00000000 ____D C:\Windows\Temp9BA7E01F-CE05-05FC-6243-582339087120-Signatures> in the current context!
Error: Unable to interpret <2013-05-03 23:06 - 2013-05-03 23:06 - 00000000 ____D C:\Users\MoM\AppData\Local\CrashDumps> in the current context!
Error: Unable to interpret <2013-05-03 22:39 - 2013-05-04 08:11 - 00000168 ____A C:\Windows\setupact.log> in the current context!
Error: Unable to interpret <2013-05-03 22:39 - 2013-05-03 22:39 - 00000000 ____A C:\Windows\setuperr.log> in the current context!
Error: Unable to interpret <==================== One Month Modified Files and Folders =======> in the current context!
Error: Unable to interpret <2013-05-31 18:14 - 2013-05-31 18:14 - 00000000 ____D C:\FRST> in the current context!
Error: Unable to interpret <2013-05-31 18:14 - 2013-05-31 18:13 - 01915980 ____A (Farbar) C:\Users\MoM\Desktop\FRST64.exe> in the current context!
Error: Unable to interpret <2013-05-31 18:12 - 2013-05-31 18:12 - 01915980 ____A (Farbar) C:\Users\MoM\Downloads\FRST64.exe> in the current context!
Error: Unable to interpret <2013-05-31 18:04 - 2012-05-21 13:22 - 01401169 ____A C:\Windows\WindowsUpdate.log> in the current context!
Error: Unable to interpret <2013-05-30 19:57 - 2010-11-20 23:47 - 00036686 ____A C:\Windows\PFRO.log> in the current context!
Error: Unable to interpret <2013-05-30 19:47 - 2012-09-10 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox> in the current context!
Error: Unable to interpret <2013-05-30 18:56 - 2013-05-30 18:56 - 00000000 ____D C:\_OTL> in the current context!
Error: Unable to interpret <2013-05-30 11:15 - 2013-05-30 11:15 - 00000000 ____D C:\Users\MoM\Desktop\New folder> in the current context!
Error: Unable to interpret <2013-05-29 22:00 - 2013-05-29 21:11 - 00000000 ____D C:\Users\MoM\AppData\Roaming\Mozilla> in the current context!
Error: Unable to interpret <2013-05-29 21:11 - 2013-05-29 21:11 - 00000000 ____D C:\Users\MoM\AppData\Local\Mozilla> in the current context!
Error: Unable to interpret <2013-05-23 22:11 - 2012-11-21 14:04 - 00000000 ____D C:\Windows\Minidump> in the current context!
Error: Unable to interpret <2013-05-11 21:16 - 2013-05-11 20:56 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleFordylan.job> in the current context!
Error: Unable to interpret <2013-05-09 08:39 - 2013-05-09 08:39 - 00000000 ____D C:\Program Files\Microsoft Games> in the current context!
Error: Unable to interpret <2013-05-08 18:21 - 2012-09-10 18:41 - 00000000 ____D C:\users\dylan> in the current context!
Error: Unable to interpret <2013-05-08 18:19 - 2012-10-31 12:21 - 00000000 ____D C:\users\MoM> in the current context!
Error: Unable to interpret <2013-05-08 18:10 - 2012-11-02 02:32 - 00000000 ____D C:\users\mike> in the current context!
Error: Unable to interpret <2013-05-08 18:10 - 2012-10-27 10:21 - 00000000 ____D C:\users\Guest> in the current context!
Error: Unable to interpret <2013-05-08 18:10 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender> in the current context!
Error: Unable to interpret <2013-05-08 18:09 - 2012-12-11 16:51 - 00000000 ____D C:\Program Files\Microsoft Security Client> in the current context!
Error: Unable to interpret <2013-05-08 18:09 - 2012-12-11 16:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client> in the current context!
Error: Unable to interpret <2013-05-08 18:09 - 2012-09-10 19:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy> in the current context!
Error: Unable to interpret <2013-05-08 18:08 - 2013-05-08 14:08 - 00000000 ____D C:\Windows\pss> in the current context!
Error: Unable to interpret <2013-05-08 18:05 - 2013-05-07 13:31 - 00000000 ____D C:\Windows\Temp9BA7E01F-CE05-05FC-6243-582339087120-Signatures> in the current context!
Error: Unable to interpret <2013-05-08 18:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration> in the current context!
Error: Unable to interpret <2013-05-08 14:02 - 2009-07-14 00:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <2013-05-08 14:02 - 2009-07-14 00:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <2013-05-04 08:13 - 2012-09-14 23:17 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job> in the current context!
Error: Unable to interpret <2013-05-04 08:12 - 2012-12-18 20:00 - 00000284 ____A C:\Windows\Tasks\RMAutoUpdate.job> in the current context!
Error: Unable to interpret <2013-05-04 08:12 - 2012-11-20 15:59 - 00000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job> in the current context!
Error: Unable to interpret <2013-05-04 08:11 - 2013-05-03 22:39 - 00000168 ____A C:\Windows\setupact.log> in the current context!
Error: Unable to interpret <2013-05-04 08:11 - 2012-09-22 20:05 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics> in the current context!
Error: Unable to interpret <2013-05-04 08:11 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT> in the current context!
Error: Unable to interpret <2013-05-03 23:10 - 2011-07-12 23:37 - 00000000 ____D C:\ProgramData\Adobe> in the current context!
Error: Unable to interpret <2013-05-03 23:06 - 2013-05-03 23:06 - 00000000 ____D C:\Users\MoM\AppData\Local\CrashDumps> in the current context!
Error: Unable to interpret <2013-05-03 22:39 - 2013-05-03 22:39 - 00000000 ____A C:\Windows\setuperr.log> in the current context!
Error: Unable to interpret <2013-05-03 22:38 - 2012-11-08 21:37 - 00000000 ____D C:\Program Files\Google> in the current context!
Error: Unable to interpret <2013-05-03 22:38 - 2012-09-14 23:16 - 00000000 ____D C:\Program Files (x86)\Google> in the current context!
Error: Unable to interpret <2013-05-03 22:03 - 2012-09-14 23:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job> in the current context!
Error: Unable to interpret <2013-05-03 21:58 - 2012-09-10 20:17 - 00000000 ____D C:\ProgramData\Skype> in the current context!
Error: Unable to interpret <2013-05-03 21:52 - 2012-09-14 23:17 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job> in the current context!
Error: Unable to interpret <2013-05-03 21:21 - 2012-09-10 20:36 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2205873689-3631405970-2799378404-1000UA.job> in the current context!
Error: Unable to interpret <2013-05-03 20:30 - 2013-04-22 20:36 - 00000000 ____A C:\END> in the current context!
Error: Unable to interpret <2013-05-03 14:18 - 2012-12-11 20:41 - 00002113 ____A C:\Windows\epplauncher.mif> in the current context!
Error: Unable to interpret <2013-05-02 11:29 - 2010-11-20 23:27 - 00278800 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe> in the current context!
Error: Unable to interpret <==================== Bamital & volsnap Check =================> in the current context!
Error: Unable to interpret <C:\Windows\System32\winlogon.exe => MD5 is legit> in the current context!
Error: Unable to interpret <C:\Windows\System32\wininit.exe => MD5 is legit> in the current context!
Error: Unable to interpret <C:\Windows\SysWOW64\wininit.exe => MD5 is legit> in the current context!
Error: Unable to interpret <C:\Windows\explorer.exe => MD5 is legit> in the current context!
Error: Unable to interpret <C:\Windows\SysWOW64\explorer.exe => MD5 is legit> in the current context!
Error: Unable to interpret <C:\Windows\System32\svchost.exe => MD5 is legit> in the current context!
Error: Unable to interpret <C:\Windows\SysWOW64\svchost.exe => MD5 is legit> in the current context!
Error: Unable to interpret <C:\Windows\System32\services.exe => MD5 is legit> in
  • 0

#9
marycon1

marycon1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
When I went to my desktop and looked for the file you told me that would be saved under the name (Fixlog.txt) this is the report that came up. It was on notepad. The other report, the long one, is what came up right after I ran FRST through OTL fix it scan. Was not sure which one was needed so I sent both. Let me know if you need anything else, which I am sure I will need to do something (no problem I will do anything to fix this stupid machine, hope I did not offend my computer just now, because I sure do not have the funding to take it somewhere) for problem to be resolved. I really really appreciate you and this website. If I had any funds I definitely would help out this cause. Hope these help mary. Report straight from desktop:
Start
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
End
  • 0

#10
marycon1

marycon1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I promise I will not bother you again today. On the last report sent the short one saying to remove program files, microsoft security client, and to remove windows defender, am I supposed to remove these? Working only in safe mode is more vulnerable to viruses I have heard. If I was to remove these I would feel my computer would be susceptible to anything. I would still have norton but I am not sure if it is even still protecting computer. It might have been a trial basis. Let me know. Thank you Mary
  • 0

#11
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

I promise I will not bother you again today. On the last report sent the short one saying to remove program files, microsoft security client, and to remove windows defender, am I supposed to remove these? Working only in safe mode is more vulnerable to viruses I have heard. If I was to remove these I would feel my computer would be susceptible to anything. I would still have norton but I am not sure if it is even still protecting computer. It might have been a trial basis. Let me know. Thank you Mary


I don't know how the last report came about.

The last fixlist.txt file I asked you to download must be placed on your desktop next to FRST64, then you must run FRST64 and click on the fix button. Do not remove those folders.

I am noticing you are not logged as an Administrator. In order to run our tools, you must have Administrator's privileges.

Can you run the fix and another scan as an Administrator? We won't be able to work on your computer on a Limited account.
  • 0

#12
marycon1

marycon1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Yes, I will run the fix and other scan as administrator. I also wanted to let you know when I tried to remove Microsoft Security Essentials and Windows Defender I was unable to because it said they were being used or something of the sort. I will try again after I am logged on as administrator. I have always had administrator's privileges but maybe have better luck running fixes as administrator. Shall see what happens. The weird thing about this problem is that I can use the internet but with some things it will say I do not have an internet connection. Talk later, mary
  • 0

#13
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Yes, I will run the fix and other scan as administrator. I also wanted to let you know when I tried to remove Microsoft Security Essentials and Windows Defender I was unable to because it said they were being used or something of the sort. I will try again after I am logged on as administrator. I have always had administrator's privileges but maybe have better luck running fixes as administrator. Shall see what happens. The weird thing about this problem is that I can use the internet but with some things it will say I do not have an internet connection. Talk later, mary

Do not attempt to remove those programs or folders. There is an issue with them. We will take care of that soon.
  • 0

#14
marycon1

marycon1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I am running as administrator and I hope I moved the correct files from farbar. Let me know. I get confused about running logs on notepad through the farbar system. I always am not sure about exactly what I am supposed to run through farbar, but they were next to each other, fixitlist and farbar tool were next together on desktop and when I ran the fix farbar ran something. I did run the fix through farbar so I hope they are the right ones. Computers confuse the heck out of me. thanks again mary
Error: Unable to interpret <Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01> in the current context!
Error: Unable to interpret <Ran by MoM (ATTENTION: The logged in user is not administrator) on 31-05-2013 18:14:48> in the current context!
Error: Unable to interpret <Running from C:\Users\MoM\Desktop> in the current context!
Error: Unable to interpret <Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)> in the current context!
Error: Unable to interpret <Internet Explorer Version 9> in the current context!
Error: Unable to interpret <Boot Mode: Safe Mode (with Networking)> in the current context!
Error: Unable to interpret <Attention: System hive is missing.> in the current context!
Error: Unable to interpret <==================== Processes (Whitelisted) =================> in the current context!
Error: Unable to interpret <(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe> in the current context!
Error: Unable to interpret <(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe> in the current context!
Error: Unable to interpret <(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe> in the current context!
Error: Unable to interpret <(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe> in the current context!
Error: Unable to interpret <==================== Registry (Whitelisted) ==================> in the current context!
Error: Unable to interpret <Attention: Software hive is missing.> in the current context!
Error: Unable to interpret <HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)> in the current context!
Error: Unable to interpret <HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)> in the current context!
Error: Unable to interpret <HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <HKLM-x32\...\RunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Sea> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 06022013_185141
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2013 01
Ran by MoM at 2013-06-02 18:29:13 Run:1
Running from C:\Users\MoM\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

"C:\Program Files\Microsoft Security Client\Backup" => Failed to delete reparsepoint. Reboot and run the fix again.
"C:\Program Files\Microsoft Security Client\Drivers" => Failed to delete reparsepoint. Reboot and run the fix again.
"C:\Program Files\Microsoft Security Client\en-us" => Failed to delete reparsepoint. Reboot and run the fix again.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Failed to delete reparsepoint. Reboot and run the fix again.
"C:\Program Files\Microsoft Security Client" => Deleting junctions and unlocking files completed successfully.
"C:\Program Files\Windows Defender\en-US" => Failed to delete reparsepoint. Reboot and run the fix again.
"C:\Program Files\Windows Defender" => Deleting junctions and unlocking files completed successfully.

==== End of Fixlog ====
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01
Ran by MoM (ATTENTION: The logged in user is not administrator) on 31-05-2013 18:14:48
Running from C:\Users\MoM\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
Attention: System hive is missing.


==================== Processes (Whitelisted) =================

(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe

==================== Registry (Whitelisted) ==================

Attention: Software hive is missing.

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [5365592 2009-01-26] (Safer Networking Limited)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex [706776 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [5365592 2009-01-26] (Safer Networking Limited)
HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {B4A3D7CE-47C7-4D3D-83EF-54A42F2759D3} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect..._oid=09-01-2013&tb_mrud=09-01-2013
SearchScopes: HKLM-x32 - {B4A3D7CE-47C7-4D3D-83EF-54A42F2759D3} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKCU - {B4A3D7CE-47C7-4D3D-83EF-54A42F2759D3} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: Software Assist - {11111111-1111-1111-1111-110011301126} - C:\Program Files (x86)\Software Assist\Software Assist.dll (Software Assist)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\dylan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
PDF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab
PDF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\MoM\AppData\Roaming\Mozilla\Firefox\Profiles\b85huxpx.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\MoM\AppData\Roaming\Mozilla\Firefox\Profiles\b85huxpx.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (We-Care.com Reminder) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.34_0
CHR Extension: (DefaultTab) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0
CHR Extension: (Gmail) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [572928 2013-02-11] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll [309688 2012-04-12] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 DefaultTabUpdate; "C:\Users\dylan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" [x]

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-11-06] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121129.001\IDSvia64.sys [513184 2012-09-28] (Symantec Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121130.002\ENG64.SYS [126112 2012-11-30] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121130.002\EX64.SYS [2084000 2012-11-30] (Symantec Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-09-11] (Symantec Corporation)
S1 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1309000.009\ccSetx64.sys [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
S3 SRTSP; \SystemRoot\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS [x]
S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS [x]
R0 SymDS; system32\drivers\NISx64\1309000.009\SYMDS64.SYS [x]
R0 SymEFA; system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [x]
S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1309000.009\Ironx64.SYS [x]
S1 SymNetS; \SystemRoot\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-31 18:14 - 2013-05-31 18:14 - 00000000 ____D C:\FRST
2013-05-31 18:13 - 2013-05-31 18:14 - 01915980 ____A (Farbar) C:\Users\MoM\Desktop\FRST64.exe
2013-05-31 18:12 - 2013-05-31 18:12 - 01915980 ____A (Farbar) C:\Users\MoM\Downloads\FRST64.exe
2013-05-30 18:56 - 2013-05-30 18:56 - 00000000 ____D C:\_OTL
2013-05-30 11:15 - 2013-05-30 11:15 - 00000000 ____D C:\Users\MoM\Desktop\New folder
2013-05-29 21:11 - 2013-05-29 22:00 - 00000000 ____D C:\Users\MoM\AppData\Roaming\Mozilla
2013-05-29 21:11 - 2013-05-29 21:11 - 00000000 ____D C:\Users\MoM\AppData\Local\Mozilla
2013-05-11 20:56 - 2013-05-11 21:16 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleFordylan.job
2013-05-09 08:39 - 2013-05-09 08:39 - 00000000 ____D C:\Program Files\Microsoft Games
2013-05-08 14:08 - 2013-05-08 18:08 - 00000000 ____D C:\Windows\pss
2013-05-07 13:31 - 2013-05-08 18:05 - 00000000 ____D C:\Windows\Temp9BA7E01F-CE05-05FC-6243-582339087120-Signatures
2013-05-03 23:06 - 2013-05-03 23:06 - 00000000 ____D C:\Users\MoM\AppData\Local\CrashDumps
2013-05-03 22:39 - 2013-05-04 08:11 - 00000168 ____A C:\Windows\setupact.log
2013-05-03 22:39 - 2013-05-03 22:39 - 00000000 ____A C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2013-05-31 18:14 - 2013-05-31 18:14 - 00000000 ____D C:\FRST
2013-05-31 18:14 - 2013-05-31 18:13 - 01915980 ____A (Farbar) C:\Users\MoM\Desktop\FRST64.exe
2013-05-31 18:12 - 2013-05-31 18:12 - 01915980 ____A (Farbar) C:\Users\MoM\Downloads\FRST64.exe
2013-05-31 18:04 - 2012-05-21 13:22 - 01401169 ____A C:\Windows\WindowsUpdate.log
2013-05-30 19:57 - 2010-11-20 23:47 - 00036686 ____A C:\Windows\PFRO.log
2013-05-30 19:47 - 2012-09-10 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-30 18:56 - 2013-05-30 18:56 - 00000000 ____D C:\_OTL
2013-05-30 11:15 - 2013-05-30 11:15 - 00000000 ____D C:\Users\MoM\Desktop\New folder
2013-05-29 22:00 - 2013-05-29 21:11 - 00000000 ____D C:\Users\MoM\AppData\Roaming\Mozilla
2013-05-29 21:11 - 2013-05-29 21:11 - 00000000 ____D C:\Users\MoM\AppData\Local\Mozilla
2013-05-23 22:11 - 2012-11-21 14:04 - 00000000 ____D C:\Windows\Minidump
2013-05-11 21:16 - 2013-05-11 20:56 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleFordylan.job
2013-05-09 08:39 - 2013-05-09 08:39 - 00000000 ____D C:\Program Files\Microsoft Games
2013-05-08 18:21 - 2012-09-10 18:41 - 00000000 ____D C:\users\dylan
2013-05-08 18:19 - 2012-10-31 12:21 - 00000000 ____D C:\users\MoM
2013-05-08 18:10 - 2012-11-02 02:32 - 00000000 ____D C:\users\mike
2013-05-08 18:10 - 2012-10-27 10:21 - 00000000 ____D C:\users\Guest
2013-05-08 18:10 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-05-08 18:09 - 2012-12-11 16:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-08 18:09 - 2012-12-11 16:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-05-08 18:09 - 2012-09-10 19:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-08 18:08 - 2013-05-08 14:08 - 00000000 ____D C:\Windows\pss
2013-05-08 18:05 - 2013-05-07 13:31 - 00000000 ____D C:\Windows\Temp9BA7E01F-CE05-05FC-6243-582339087120-Signatures
2013-05-08 18:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-05-08 14:02 - 2009-07-14 00:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-08 14:02 - 2009-07-14 00:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-04 08:13 - 2012-09-14 23:17 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-04 08:12 - 2012-12-18 20:00 - 00000284 ____A C:\Windows\Tasks\RMAutoUpdate.job
2013-05-04 08:12 - 2012-11-20 15:59 - 00000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-05-04 08:11 - 2013-05-03 22:39 - 00000168 ____A C:\Windows\setupact.log
2013-05-04 08:11 - 2012-09-22 20:05 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-05-04 08:11 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-03 23:10 - 2011-07-12 23:37 - 00000000 ____D C:\ProgramData\Adobe
2013-05-03 23:06 - 2013-05-03 23:06 - 00000000 ____D C:\Users\MoM\AppData\Local\CrashDumps
2013-05-03 22:39 - 2013-05-03 22:39 - 00000000 ____A C:\Windows\setuperr.log
2013-05-03 22:38 - 2012-11-08 21:37 - 00000000 ____D C:\Program Files\Google
2013-05-03 22:38 - 2012-09-14 23:16 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-03 22:03 - 2012-09-14 23:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-03 21:58 - 2012-09-10 20:17 - 00000000 ____D C:\ProgramData\Skype
2013-05-03 21:52 - 2012-09-14 23:17 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-03 21:21 - 2012-09-10 20:36 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2205873689-3631405970-2799378404-1000UA.job
2013-05-03 20:30 - 2013-04-22 20:36 - 00000000 ____A C:\END
2013-05-03 14:18 - 2012-12-11 20:41 - 00002113 ____A C:\Windows\epplauncher.mif
2013-05-02 11:29 - 2010-11-20 23:27 - 00278800 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctions

I hope these are the ones in need of. Let me know once again thanks mary
  • 0

#15
marycon1

marycon1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Farbar was used on this notepad also, I may have sent already but to be safe this is it.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2013 01
Ran by MoM at 2013-05-31 18:16:37 Run:
Running from C:\Users\MoM\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader X (10.1.6) MUI (Version: 10.1.6)
Adobe Shockwave Player 11.6 (Version: 11.6.7.637)
AOL Toolbar
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compaq Setup Manager (Version: 1.1.13476.3753)
CWA Reminder by We-Care.com v4.1.18.3 (Version: 4.1.18.3)
D3DX10 (Version: 15.4.2368.0902)
DefaultTab (Version: 1.2.8.0)
DefaultTab Chrome (Version: 1.1.14)
DirectX Media Runtime 5.1
Download Updater (AOL Inc.)
Easy BitTorrent Client
ESU for Microsoft Windows 7 SP1 (Version: 2.1.1)
Field & Stream® Trophy Buck
Fraps
Free Opener (Version: 1.4)
Google Chrome (Version: 26.0.1410.64)
Google Update Helper (Version: 1.3.21.135)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Launch Box (Version: 1.0.11)
HP On Screen Display (Version: 1.3.5)
HP Power Manager (Version: 1.4.8)
HP Quick Launch (Version: 2.7.2)
HP QuickWeb (Version: 3.1.0.9742)
HP Setup (Version: 8.7.4751.3798)
HP Software Framework (Version: 4.1.13.1)
HP Support Assistant (Version: 7.0.39.15)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2353)
J2SE Runtime Environment 5.0 (Version: 1.5.0)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Netflix in Windows Media Center (Version: 3.3.101.0)
Norton Internet Security (Version: 19.9.0.9)
PlayReady PC Runtime x86 (Version: 1.3.0)
Realtek Ethernet Controller Driver (Version: 7.42.304.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6287)
Realtek PCIE Card Reader (Version: 6.1.7600.77)
REALTEK Wireless LAN Driver (Version: 1.00.11.0706)
Recovery Manager (Version: 2.0.0)
Software Assist (Version: 1.20.150.150)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.11.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Ventrilo Client (Version: 3.0.8)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Software Update

==================== Restore Points =========================


==================== Hosts content: ==========================



There are more than 1000 lines starting with "127.0.0.1"


==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2013 05:35:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2013 05:32:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2013 05:22:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 07:59:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 07:00:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 06:45:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 01:07:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 00:24:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 00:20:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 11:58:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/31/2013 06:12:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/31/2013 06:12:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/31/2013 06:10:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/31/2013 06:10:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/31/2013 06:05:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/31/2013 06:05:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/31/2013 06:04:25 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.

New Engine Version:

Previous Engine Version: 2.1.9402.0

Engine Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Error Code: %NT AUTHORITY601

Error description: %NT AUTHORITY602

Error: (05/31/2013 06:04:25 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 101.4.0.0

Update Source: %NT AUTHORITY15

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/31/2013 06:04:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.149.1856.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/31/2013 06:04:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.149.1856.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (05/31/2013 05:35:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2013 05:32:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2013 05:22:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 07:59:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 07:00:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 06:45:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 01:07:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 00:24:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 00:20:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 11:58:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetIns