Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer shuts off automatically


  • Please log in to reply

#1
juanchito

juanchito

    New Member

  • Member
  • Pip
  • 7 posts
Hello, I've been having problems with my computer. My computer just shuts off automatically. No error message, no blue screen, nothing. After I turn on my computer it says "This computer has currently recovered from an unexpected shut down."

This is the otl log

AOTL logfile created on: 6/26/2013 8:57:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michelle\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 59.93% Memory free
7.90 Gb Paging File | 6.20 Gb Available in Paging File | 78.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.21 Gb Total Space | 222.35 Gb Free Space | 81.38% Space Free | Partition Type: NTFS
Drive D: | 20.71 Gb Total Space | 2.24 Gb Free Space | 10.80% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.13% Space Free | Partition Type: FAT32

Computer Name: MICHELLE-HP | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/26 20:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michelle\Downloads\OTL.exe
PRC - [2013/06/11 23:47:27 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/21 21:05:13 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/04/21 17:20:12 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/07 22:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/19 17:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/20 14:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/11 23:47:26 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/21 21:05:13 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/17 20:41:22 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/09/08 09:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/11 23:47:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 21:05:13 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/29 14:02:22 | 002,424,424 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/20 14:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 21:14:59 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/15 22:21:00 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/15 22:21:00 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/08 09:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/08/29 14:02:28 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/08/09 12:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/25 14:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/21 23:01:14 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/18 20:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/20 13:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 13:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/05/23 19:34:43 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120523.002\ex64.sys -- (NAVEX15)
DRV - [2012/05/23 19:34:43 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120523.002\eng64.sys -- (NAVENG)
DRV - [2012/05/07 00:22:22 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120523.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/09 20:52:11 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/04/09 20:52:11 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/02 23:39:56 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6E70B460-956A-46C7-944F-25343A8D486A}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6E70B460-956A-46C7-944F-25343A8D486A}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{6E70B460-956A-46C7-944F-25343A8D486A}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/04/18 20:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013/06/22 11:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/21 17:20:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/07 22:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Extensions
[2012/10/26 10:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tpnh10jf.default\extensions
[2013/05/21 21:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/21 21:05:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B4C73F4-1B1E-4C7C-A062-CC8791AF3CFB}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/20 07:21:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2013/06/26 20:41:21 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 20:41:21 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 20:38:41 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/26 20:38:41 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/26 20:38:41 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/26 20:35:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/26 20:35:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/20 07:21:40 | 448,298,497 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/20 07:21:39 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/05 13:08:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMichelle.job
[2013/06/05 12:48:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/05 12:48:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

========== Files Created - No Company Name ==========

[2013/06/20 07:21:40 | 448,298,497 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/06/05 12:48:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/05 12:48:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/04 22:02:55 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMichelle.job
[2012/11/07 00:29:36 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/15 08:38:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/09/06 16:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/08/09 12:30:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/08/09 12:30:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/09 12:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/09 12:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/09 11:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/07/21 22:59:02 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/08 06:51:02 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\SoftGrid Client
[2012/03/24 17:05:00 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Synaptics
[2012/11/07 00:30:23 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\TP

========== Purity Check ==========



< End of report >


Thank you guys for your help.
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello juanchito,

Welcome to Geekstogo.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. The 64bit one will be the right version for your machine.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

  • 0

#3
juanchito

juanchito

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Michelle (administrator) on 06-07-2013 09:26:09
Running from C:\Users\Michelle\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2012-04-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {6E70B460-956A-46C7-944F-25343A8D486A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {6E70B460-956A-46C7-944F-25343A8D486A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKCU - {6E70B460-956A-46C7-944F-25343A8D486A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tpnh10jf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

==================== Services (Whitelisted) =================

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-04-09] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-04-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-04-09] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120523.001\IDSvia64.sys [488568 2012-05-07] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120523.001\IDSvia64.sys [488568 2012-05-07] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120523.002\ENG64.SYS [120440 2012-05-23] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120523.002\ENG64.SYS [120440 2012-05-23] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120523.002\EX64.SYS [2068600 2012-05-23] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120523.002\EX64.SYS [2068600 2012-05-23] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-06 09:25 - 2013-07-06 09:25 - 01934636 ____A (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2013-07-06 09:25 - 2013-07-06 09:25 - 00000000 ____D C:\FRST
2013-07-06 09:24 - 2013-07-06 09:24 - 01373373 ____A (Farbar) C:\Users\Michelle\Downloads\FRST.exe
2013-07-03 00:16 - 2013-07-03 00:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 21:03 - 2013-06-26 21:03 - 00076488 ____A C:\Users\Michelle\Downloads\OTL.Txt
2013-06-26 21:03 - 2013-06-26 21:03 - 00066258 ____A C:\Users\Michelle\Downloads\Extras.Txt
2013-06-26 20:57 - 2013-06-26 20:57 - 00602112 ____A (OldTimer Tools) C:\Users\Michelle\Downloads\OTL.exe
2013-06-20 07:21 - 2013-06-20 07:21 - 448298497 ____A C:\Windows\MEMORY.DMP
2013-06-20 07:21 - 2013-06-20 07:21 - 00262144 ____A C:\Windows\Minidump\062013-22120-01.dmp
2013-06-20 07:21 - 2013-06-20 07:21 - 00000000 ____D C:\Windows\Minidump
2013-06-20 00:40 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-20 00:40 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-20 00:40 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-20 00:40 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-20 00:40 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-20 00:40 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-20 00:40 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-20 00:40 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-20 00:40 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-20 00:40 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-20 00:40 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-20 00:40 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 23:01 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 23:01 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 23:01 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 23:01 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 23:01 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 23:01 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 23:01 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 23:01 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 23:01 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 23:01 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 23:01 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 23:01 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 23:01 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 23:01 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 23:01 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 23:00 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 23:00 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 23:00 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 23:00 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 22:32 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 22:32 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 22:32 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 22:32 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 22:32 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 22:32 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 22:32 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 22:32 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 22:32 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 22:32 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 22:32 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 22:32 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 22:32 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 22:32 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 22:32 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 22:32 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 22:32 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 22:32 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 22:32 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-06 09:25 - 2013-07-06 09:25 - 01934636 ____A (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2013-07-06 09:25 - 2013-07-06 09:25 - 00000000 ____D C:\FRST
2013-07-06 09:24 - 2013-07-06 09:24 - 01373373 ____A (Farbar) C:\Users\Michelle\Downloads\FRST.exe
2013-07-06 09:24 - 2009-07-14 01:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-06 09:22 - 2012-09-02 22:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-05 23:48 - 2012-01-15 08:36 - 01306961 ____A C:\Windows\WindowsUpdate.log
2013-07-04 19:00 - 2009-07-14 00:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 19:00 - 2009-07-14 00:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 12:28 - 2013-06-04 22:02 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForMichelle.job
2013-07-03 12:28 - 2012-09-02 21:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 12:28 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 12:28 - 2009-07-14 00:51 - 00064503 ____A C:\Windows\setupact.log
2013-07-03 00:16 - 2013-07-03 00:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 23:25 - 2012-10-05 06:47 - 00000000 ____D C:\Users\Michelle\AppData\Local\CrashDumps
2013-07-01 22:59 - 2012-07-15 07:01 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-01 22:59 - 2012-04-25 17:34 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-06-26 21:03 - 2013-06-26 21:03 - 00076488 ____A C:\Users\Michelle\Downloads\OTL.Txt
2013-06-26 21:03 - 2013-06-26 21:03 - 00066258 ____A C:\Users\Michelle\Downloads\Extras.Txt
2013-06-26 20:57 - 2013-06-26 20:57 - 00602112 ____A (OldTimer Tools) C:\Users\Michelle\Downloads\OTL.exe
2013-06-20 07:21 - 2013-06-20 07:21 - 448298497 ____A C:\Windows\MEMORY.DMP
2013-06-20 07:21 - 2013-06-20 07:21 - 00262144 ____A C:\Windows\Minidump\062013-22120-01.dmp
2013-06-20 07:21 - 2013-06-20 07:21 - 00000000 ____D C:\Windows\Minidump
2013-06-15 23:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-11 23:47 - 2012-09-02 22:01 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 23:47 - 2011-10-15 22:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-08 10:08 - 2013-06-20 00:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 10:07 - 2013-06-20 00:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 10:06 - 2013-06-20 00:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 10:06 - 2013-06-20 00:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 10:06 - 2013-06-20 00:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 08:28 - 2013-06-20 00:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 07:42 - 2013-06-20 00:40 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 07:40 - 2013-06-20 00:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 07:40 - 2013-06-20 00:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 07:40 - 2013-06-20 00:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 07:40 - 2013-06-20 00:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 07:13 - 2013-06-20 00:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-05 14:08

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by Michelle at 2013-07-06 09:26:41
Running from C:\Users\Michelle\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.0) MUI (x32 Version: 10.1.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.1.629)
Bejeweled 3 (x32 Version: 2.2.0.97)
Bing Bar (x32 Version: 7.1.391.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.2.8188)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
CyberLink YouCam (x32 Version: 3.5.0.4422)
D3DX10 (x32 Version: 15.4.2368.0902)
Dora's World Adventure (x32 Version: 2.2.0.95)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22)
Farm Frenzy (x32 Version: 2.2.0.98)
Farmscapes (x32 Version: 2.2.0.98)
FATE (x32 Version: 2.2.0.97)
Final Drive Fury (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
Hoyle Card Games (x32 Version: 2.2.0.95)
HP Application Assistant (Version: 1.0.409.3882)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Documentation (x32 Version: 1.1.0.0)
HP Games (x32 Version: 1.0.2.5)
HP Launch Box (Version: 1.0.11)
HP MovieStore (x32 Version: 2.1.091)
HP MovieStore (x32 Version: 2.1.21091.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.7)
HP Quick Launch (x32 Version: 2.7.2)
HP QuickWeb (x32 Version: 3.1.1.10197)
HP Recovery Manager (x32 Version: 2.0.0)
HP Security Assistant (Version: 1.0.12)
HP Setup (x32 Version: 9.0.15076.3891)
HP Setup Manager (x32 Version: 1.2.14901.3869)
HP Software Framework (x32 Version: 4.5.10.1)
HP Support Assistant (x32 Version: 7.0.39.15)
IDT Audio (x32 Version: 1.0.6365.0)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2476)
Intel® Rapid Storage Technology (x32 Version: 10.6.0.1002)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Letters from Nowhere 2 (x32 Version: 2.2.0.97)
Luxor HD (x32 Version: 2.2.0.98)
Mah Jong Medley (x32 Version: 2.2.0.95)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Norton Internet Security (x32 Version: 19.9.1.14)
opensource (x32 Version: 1.0.14960.3876)
Penguins! (x32 Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.46.610.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.84)
REALTEK Wireless LAN Driver (x32 Version: 1.00.11.0706)
RealUpgrade 1.1 (x32 Version: 1.1.0)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98)
Skype™ 5.10 (x32 Version: 5.10.116)
swMSM (x32 Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.17.0)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98)
Torchlight (x32 Version: 2.2.0.98)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points =========================

22-05-2013 01:00:36 Windows Update
25-05-2013 01:41:50 Windows Update
29-05-2013 01:57:45 Windows Update
05-06-2013 02:10:25 Windows Update
05-06-2013 16:46:35 Windows Update
13-06-2013 02:29:06 Windows Update
14-06-2013 02:58:57 Windows Update
20-06-2013 04:40:25 Windows Update
27-06-2013 00:38:44 Windows Update
30-06-2013 03:46:03 Windows Update
05-07-2013 17:42:30 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {014EAEEB-DD7C-418D-970B-86D22EFB22CD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2001495845-3756729526-2984234223-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {14CB83C7-AA9D-4B4C-A6A4-F95622A5DF5F} - System32\Tasks\{2C9F2C2A-116E-4D60-BF9A-E448B24D33D2} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-07-03] (Mozilla Corporation)
Task: {182D0E15-E66B-4AB7-BED1-4621FCAD96B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {1FE5105D-986D-4F50-A1E0-4B2FD316D61B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-22] (CyberLink)
Task: {3630609C-62E5-4322-B907-86FF415E87D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-06-10] (Hewlett-Packard)
Task: {433898F4-2A8C-4399-BC00-B64144FCB229} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {590DC691-173D-4421-8181-04914CEDCF14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5C94E52F-0DF3-4FC0-87C2-90D0BD3C4431} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {640AE5E1-32C7-4747-B032-5A930E815D20} - System32\Tasks\{899540A1-8FFD-4F4D-B181-661A7504A726} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-07-03] (Mozilla Corporation)
Task: {696341D9-99A1-4540-A7B2-18342C462F07} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {7BC7245A-B2B5-469C-AA67-2A8562D3889C} - System32\Tasks\User_Feed_Synchronization-{46551336-4028-404A-947C-6D60580B9281} => C:\Windows\system32\msfeedssync.exe [2013-06-05] (Microsoft Corporation)
Task: {808697F6-6EB7-4AD4-8495-E98C4A116CBD} - System32\Tasks\{753768F9-25F9-430E-99E9-C0217D7FCCD4} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-07-03] (Mozilla Corporation)
Task: {8398F4F2-1ADD-44CF-9CE7-99C6F570F4BC} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {859BB62B-EA23-45E2-AC78-A7DA4421422A} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-09-28] ()
Task: {85A97E26-7AC7-40D6-8D3F-E595E1585ACA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {87153D1B-314E-4F9F-99BD-C47459B15859} - System32\Tasks\HPCeeScheduleForMichelle => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {AF5D4F27-5553-42D4-A7DC-64FC1C2C9B63} - System32\Tasks\{71605135-86EC-43AC-8267-C5A0B8E826AB} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-07-03] (Mozilla Corporation)
Task: {CE5D3093-3A11-44F7-86B0-B8EC9963BEFB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2001495845-3756729526-2984234223-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {ED861C5E-34DD-4833-8B47-C37CC0E5BD94} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {EE49D9A2-E2D4-484F-9486-99FF18B3A930} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMichelle.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2013 00:28:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2013 01:49:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 21.0.0.4879, time stamp: 0x518ec3cc
Faulting module name: xul.dll, version: 21.0.0.4879, time stamp: 0x518ec306
Exception code: 0xc0000005
Fault offset: 0x001c9789
Faulting process id: 0x1118
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (07/02/2013 01:09:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_7_700_224.exe, version: 11.7.700.224, time stamp: 0x51a67447
Faulting module name: FlashPlayerPlugin_11_7_700_224.exe, version: 11.7.700.224, time stamp: 0x51a67447
Exception code: 0x40000015
Fault offset: 0x000178f0
Faulting process id: 0x2938
Faulting application start time: 0xFlashPlayerPlugin_11_7_700_224.exe0
Faulting application path: FlashPlayerPlugin_11_7_700_224.exe1
Faulting module path: FlashPlayerPlugin_11_7_700_224.exe2
Report Id: FlashPlayerPlugin_11_7_700_224.exe3

Error: (06/27/2013 09:41:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2013 00:00:11 AM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_7_700_224.exe, version: 11.7.700.224, time stamp: 0x51a67447
Faulting module name: FlashPlayerPlugin_11_7_700_224.exe, version: 11.7.700.224, time stamp: 0x51a67447
Exception code: 0x40000015
Fault offset: 0x000178f0
Faulting process id: 0xff4
Faulting application start time: 0xFlashPlayerPlugin_11_7_700_224.exe0
Faulting application path: FlashPlayerPlugin_11_7_700_224.exe1
Faulting module path: FlashPlayerPlugin_11_7_700_224.exe2
Report Id: FlashPlayerPlugin_11_7_700_224.exe3

Error: (06/22/2013 11:08:06 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (06/20/2013 07:22:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 01:08:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2013 08:59:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2013 07:35:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/20/2013 07:21:54 AM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa800868cb30, 0xfffffa800868ce10, 0xfffff80002f91350)C:\Windows\MEMORY.DMP062013-22120-01

Error: (06/20/2013 07:21:44 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:11:30 AM on ?6/?20/?2013 was unexpected.

Error: (06/13/2013 11:20:25 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%-2147024882

Error: (06/08/2013 02:11:29 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/05/2013 01:07:10 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/15/2013 11:52:25 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/15/2013 08:32:24 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%1053

Error: (05/15/2013 08:32:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

Error: (05/14/2013 01:32:30 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/08/2013 11:35:01 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:
%%1056


Microsoft Office Sessions:
=========================
Error: (07/03/2013 00:28:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2013 01:49:44 AM) (Source: Application Error)(User: )
Description: firefox.exe21.0.0.4879518ec3ccxul.dll21.0.0.4879518ec306c0000005001c9789111801ce76e268819051C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll3178f5cb-e2db-11e2-8760-78e3b5655ba2

Error: (07/02/2013 01:09:55 AM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_7_700_224.exe11.7.700.22451a67447FlashPlayerPlugin_11_7_700_224.exe11.7.700.22451a6744740000015000178f0293801ce76d84bf08623C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exea185dec9-e2d5-11e2-8760-78e3b5655ba2

Error: (06/27/2013 09:41:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2013 00:00:11 AM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_7_700_224.exe11.7.700.22451a67447FlashPlayerPlugin_11_7_700_224.exe11.7.700.22451a6744740000015000178f0ff401ce72e2eb79603eC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe101c91ca-dede-11e2-83a7-78e3b5655ba2

Error: (06/22/2013 11:08:06 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (06/20/2013 07:22:04 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 01:08:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2013 08:59:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2013 07:35:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 4043.86 MB
Available physical RAM: 2427.45 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 6261.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:273.21 GB) (Free:223.81 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.71 GB) (Free:2.24 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32 (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 6F916D90)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=273 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello juanchito,

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next

Please run another scan with Farbars Recovery Scan Tool and post the log back here.

So when you return please post
  • Fixlog.txt
  • FRST.txt

  • 0

#5
juanchito

juanchito

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Im sorry I don't quite understand the steps. I don't understand what does "run frst/frst64" mean. And I don't know how to check to see if the frst and the fixlist.txt are in the same location.
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
It refers to Farbars Recovery Scan.

I assume you have downloaded the fixlist.txt to your desktop.

What you do next is open (run) Farbars Recovery Scan Tool and click on Fix.

A log is generated called Fixlog.txt. Please copy and post back here.

After that please open Farbars Recovery Scan Tool again and this time click on Scan.

A log is generated when it is finished called FRST.txt. Please post that back here as well.
  • 0

#7
juanchito

juanchito

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Um Im having some issue over here. I know that you said to download the fixlist to my desktop which I did, however when I open up farbar and click on fix it says no fixlist found. Also It says that It needs to be updated, should I update? Thank you so much for your patience.
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Also It says that It needs to be updated, should I update?


Yes you do need to update it.

I know that you said to download the fixlist to my desktop which I did, however when I open up farbar and click on fix it says no fixlist found.


Where have you saved them too?

It won't work if they are saved in different places (see fix instructions at post #4).

Have a look on your desktop and see if they are both there. If not then you can search for them by entering the name in the Search all programs and files panel (to find that click on Start and it pops up at the bottom of the Start menu), or, try looking your Downloads folder.

Have a look and see what you can find.

If you still have a problem come back and tell me and we will use another approach. :)
  • 0

#9
juanchito

juanchito

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Got it. Thank you.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2013 01
Ran by Michelle at 2013-07-10 11:48:02 Run:1
Running from C:\Users\Michelle\Desktop\frst
Boot Mode: Normal
==============================================

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E70B460-956A-46C7-944F-25343A8D486A} => Key deleted successfully.
HKCR\CLSID\{6E70B460-956A-46C7-944F-25343A8D486A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key deleted successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6E70B460-956A-46C7-944F-25343A8D486A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6E70B460-956A-46C7-944F-25343A8D486A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E70B460-956A-46C7-944F-25343A8D486A} => Key deleted successfully.
HKCR\CLSID\{6E70B460-956A-46C7-944F-25343A8D486A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key deleted successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.

==== End of Fixlog ====
  • 0

#10
juanchito

juanchito

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Second log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 01
Ran by Michelle (administrator) on 10-07-2013 11:50:14
Running from C:\Users\Michelle\Desktop\frst
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [167704 2011-08-15] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [392472 2011-08-15] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [416024 2011-08-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] - "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2012-04-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tpnh10jf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

==================== Services (Whitelisted) =================

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-04-09] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-04-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-04-09] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120523.001\IDSvia64.sys [488568 2012-05-07] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120523.001\IDSvia64.sys [488568 2012-05-07] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120523.002\ENG64.SYS [120440 2012-05-23] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120523.002\ENG64.SYS [120440 2012-05-23] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120523.002\EX64.SYS [2068600 2012-05-23] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120523.002\EX64.SYS [2068600 2012-05-23] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-10 11:47 - 2013-07-10 11:48 - 00000000 ____D C:\Users\Michelle\Desktop\frst
2013-07-06 09:26 - 2013-07-06 09:27 - 00021489 ____A C:\Users\Michelle\Downloads\Addition.txt
2013-07-06 09:25 - 2013-07-06 09:25 - 00000000 ____D C:\FRST
2013-06-26 21:03 - 2013-06-26 21:03 - 00076488 ____A C:\Users\Michelle\Downloads\OTL.Txt
2013-06-26 20:57 - 2013-06-26 20:57 - 00602112 ____A (OldTimer Tools) C:\Users\Michelle\Downloads\OTL.exe
2013-06-20 07:21 - 2013-06-20 07:21 - 448298497 ____A C:\Windows\MEMORY.DMP
2013-06-20 07:21 - 2013-06-20 07:21 - 00262144 ____A C:\Windows\Minidump\062013-22120-01.dmp
2013-06-20 07:21 - 2013-06-20 07:21 - 00000000 ____D C:\Windows\Minidump
2013-06-20 00:40 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-20 00:40 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-20 00:40 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-20 00:40 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-20 00:40 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-20 00:40 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-20 00:40 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-20 00:40 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-20 00:40 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-20 00:40 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-20 00:40 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-20 00:40 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 23:01 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 23:01 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 23:01 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 23:01 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 23:01 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 23:01 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 23:01 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-13 23:01 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-13 23:01 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-13 23:01 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-13 23:01 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-13 23:01 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-13 23:01 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-13 23:01 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-13 23:01 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 23:00 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 23:00 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 23:00 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-13 23:00 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-12 22:32 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 22:32 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 22:32 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 22:32 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 22:32 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 22:32 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 22:32 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 22:32 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 22:32 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 22:32 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 22:32 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 22:32 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 22:32 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 22:32 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 22:32 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 22:32 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 22:32 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 22:32 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 22:32 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-10 11:50 - 2009-07-14 00:45 - 00032064 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-10 11:50 - 2009-07-14 00:45 - 00032064 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-10 11:48 - 2013-07-10 11:47 - 00000000 ____D C:\Users\Michelle\Desktop\frst
2013-07-10 11:47 - 2009-07-14 01:13 - 00727334 ____A C:\Windows\system32\PerfStringBackup.INI
2013-07-10 11:42 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-10 11:42 - 2009-07-14 00:51 - 00064615 ____A C:\Windows\setupact.log
2013-07-10 10:17 - 2012-01-15 08:36 - 01790346 ____A C:\Windows\WindowsUpdate.log
2013-07-10 10:14 - 2012-09-02 22:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-10 00:42 - 2012-03-24 17:04 - 00003950 ____A C:\Windows\System32\Tasks\User_Feed_Synchronization-{46551336-4028-404A-947C-6D60580B9281}
2013-07-08 21:25 - 2012-07-15 07:01 - 00000000 ____A C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-08 21:25 - 2012-04-25 17:34 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-07-07 01:29 - 2012-07-25 09:53 - 00003352 ____A C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2001495845-3756729526-2984234223-1000
2013-07-07 01:29 - 2012-07-25 09:53 - 00003224 ____A C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2001495845-3756729526-2984234223-1000
2013-07-06 09:27 - 2013-07-06 09:26 - 00021489 ____A C:\Users\Michelle\Downloads\Addition.txt
2013-07-06 09:25 - 2013-07-06 09:25 - 00000000 ____D C:\FRST
2013-07-03 12:28 - 2013-06-04 22:02 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForMichelle.job
2013-07-02 23:25 - 2012-10-05 06:47 - 00000000 ____D C:\Users\Michelle\AppData\Local\CrashDumps
2013-07-01 22:59 - 2013-06-04 22:02 - 00003204 ____A C:\Windows\System32\Tasks\HPCeeScheduleForMichelle
2013-06-26 21:03 - 2013-06-26 21:03 - 00076488 ____A C:\Users\Michelle\Downloads\OTL.Txt
2013-06-26 20:57 - 2013-06-26 20:57 - 00602112 ____A (OldTimer Tools) C:\Users\Michelle\Downloads\OTL.exe
2013-06-20 07:21 - 2013-06-20 07:21 - 448298497 ____A C:\Windows\MEMORY.DMP
2013-06-20 07:21 - 2013-06-20 07:21 - 00262144 ____A C:\Windows\Minidump\062013-22120-01.dmp
2013-06-20 07:21 - 2013-06-20 07:21 - 00000000 ____D C:\Windows\Minidump
2013-06-15 23:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-11 23:47 - 2012-09-02 22:01 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 23:47 - 2012-09-02 22:01 - 00003768 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-11 23:47 - 2011-10-15 22:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-05 14:08

==================== End Of Log ============================
  • 0

#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello juanchito,

Looking good. :)

Now

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.
So when you return please post
  • JRT.txt
  • ESET scan results
  • And tell me how your machine is

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP