
Pop Ups & Ads have taken over laptop [Solved]


  • This topic is locked

#16
JSntgRvr

  • Global Moderator
  • 10,961 posts
Re-scan with FRST. Make sure the Addition box is checked before clicking on the scan button. Post both the Addition.txt log and the FRST.txt log in your reply.


#17
mckinney7

  • Topic Starter
  • Member
  • 60 posts
Hello,
I rescanned with FRST and the two logs you requested follow this. I wanted to let you know that the "search.conduit.com" webpage is still coming up. Also an ad came up on that page when I was on it for a second. And, the "not running genuine Windows" page also came up.

Thanks!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by John (administrator) on JOHN-PC on 17-03-2014 11:11:13
Running from C:\Users\John\Downloads
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(WildTangent, Inc.) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-01] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-11-01] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-06-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3082703480-1980997582-769674337-1000\...\Run: [Google Update] - C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-11] (Google Inc.)
HKU\S-1-5-21-3082703480-1980997582-769674337-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-11] (Google Inc.)
HKU\S-1-5-21-3082703480-1980997582-769674337-1000\...\Policies\Explorer: [HideSCAHealth] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 173.244.132.86 173.244.132.254
Tcpip\..\Interfaces\{81F105C5-75F7-4B34-BD57-6B3F15F03039}: [NameServer]76.73.7.75,107.6.133.7
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]76.73.7.75,107.6.133.7
Tcpip\..\Interfaces\{F19EA1D7-803A-4B44-B142-1BA0BAACFDCE}: [NameServer]76.73.7.75,107.6.133.7

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U15) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-12]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-12]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-19]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-02]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-12]
CHR HKLM-x32\...\Chrome\Extension: [ebplnjmfmakhhedomfffdiekifpdffnd] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ch\MediaViewV1alpha7893.crx [2012-05-12]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-19]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [oobclncfihjeobfooihfhglbfloocnkg] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5635\ch\VideoPlayerV3beta5635.crx [2011-12-12]
CHR StartMenuInternet: Google Chrome - C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5721600 2014-01-22] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [754688 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [811008 2014-02-04] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-17 11:07 - 2014-03-17 11:09 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-15 16:41 - 2014-03-15 16:42 - 00001599 _____ () C:\Users\John\Downloads\Search.txt
2014-03-12 06:02 - 2014-03-12 06:02 - 00068684 _____ () C:\Users\John\Downloads\Shortcut.txt
2014-03-12 06:01 - 2014-03-17 11:11 - 00015077 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-12 06:01 - 2014-03-12 06:02 - 00034694 _____ () C:\Users\John\Downloads\Addition.txt
2014-03-12 06:00 - 2014-03-17 11:11 - 00000000 ____D () C:\FRST
2014-03-12 06:00 - 2014-03-12 06:00 - 00001392 _____ () C:\Users\John\Desktop\FRST64 - Shortcut.lnk
2014-03-12 05:59 - 2014-03-12 05:59 - 02157056 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-03-12 05:57 - 2014-03-12 05:57 - 01145856 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2014-03-11 21:49 - 2014-03-11 21:49 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-03-11 21:48 - 2014-03-11 21:48 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 21:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-11 21:42 - 2014-03-11 21:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-10 21:10 - 2014-03-10 21:12 - 01949184 _____ () C:\Users\John\Downloads\AdwCleaner (1).exe
2014-03-10 20:45 - 2014-03-10 20:45 - 00000803 _____ () C:\Users\John\Desktop\JRT.txt
2014-03-10 20:37 - 2014-03-17 11:10 - 00000003 _____ () C:\ProgramData\2psvc31.nls
2014-03-10 20:33 - 2014-03-10 20:33 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (1).exe
2014-03-10 19:50 - 2014-03-10 19:50 - 00000000 ____D () C:\_OTL
2014-03-10 19:47 - 2014-03-10 19:47 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL (1).exe
2014-03-09 15:54 - 2014-03-10 22:29 - 00079660 _____ () C:\Users\John\Downloads\OTL.Txt
2014-03-09 15:54 - 2014-03-09 15:54 - 00054676 _____ () C:\Users\John\Downloads\Extras.Txt
2014-03-09 15:44 - 2014-03-09 15:44 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL.exe
2014-03-09 15:26 - 2014-03-09 22:21 - 00000003 _____ () C:\d31.nls
2014-03-09 14:59 - 2014-03-09 14:59 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-09 14:59 - 2014-03-09 14:59 - 00000000 ____D () C:\Windows\erdnt
2014-03-09 14:53 - 2014-03-09 14:53 - 05187267 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2014-03-09 14:00 - 2014-03-09 14:00 - 00000000 ____D () C:\Windows\ERUNT
2014-03-09 13:53 - 2014-03-09 13:53 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-03-09 13:38 - 2014-03-10 22:13 - 00000000 ____D () C:\AdwCleaner
2014-03-09 13:37 - 2014-03-09 13:38 - 01244192 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-03-09 13:27 - 2014-03-09 13:43 - 00000003 _____ () C:\ProgramData\ Office Diagnostics Service31.nls
2014-03-09 13:24 - 2014-03-09 13:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\John\Downloads\revosetup.exe
2014-03-09 13:24 - 2014-03-09 13:24 - 00001264 _____ () C:\Users\John\Desktop\Revo Uninstaller.lnk
2014-03-09 13:24 - 2014-03-09 13:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-09 13:17 - 2014-03-11 22:35 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1

==================== One Month Modified Files and Folders =======

2014-03-17 11:11 - 2014-03-12 06:01 - 00015077 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-17 11:11 - 2014-03-12 06:00 - 00000000 ____D () C:\FRST
2014-03-17 11:10 - 2014-03-10 20:37 - 00000003 _____ () C:\ProgramData\2psvc31.nls
2014-03-17 11:09 - 2014-03-17 11:07 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-17 11:09 - 2012-05-11 02:08 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 11:08 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 11:08 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-17 11:07 - 2012-05-12 17:00 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core.job
2014-03-17 11:03 - 2009-07-13 20:05 - 03524608 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-03-17 11:01 - 2012-05-11 02:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-17 11:00 - 2012-05-12 17:00 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA.job
2014-03-17 11:00 - 2012-05-11 02:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 11:00 - 2009-07-13 23:51 - 00208370 _____ () C:\Windows\setupact.log
2014-03-16 08:50 - 2009-07-14 00:13 - 00726142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 08:45 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 16:42 - 2014-03-15 16:41 - 00001599 _____ () C:\Users\John\Downloads\Search.txt
2014-03-15 16:37 - 2013-09-29 15:43 - 00000008 __RSH () C:\Users\John\ntuser.pol
2014-03-15 16:37 - 2012-05-10 19:30 - 00000000 ____D () C:\Users\John
2014-03-15 16:28 - 2014-01-30 19:43 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-15 16:26 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-15 08:02 - 2012-05-12 17:01 - 00002321 _____ () C:\Users\John\Desktop\Google Chrome.lnk
2014-03-12 06:02 - 2014-03-12 06:02 - 00068684 _____ () C:\Users\John\Downloads\Shortcut.txt
2014-03-12 06:02 - 2014-03-12 06:01 - 00034694 _____ () C:\Users\John\Downloads\Addition.txt
2014-03-12 06:00 - 2014-03-12 06:00 - 00001392 _____ () C:\Users\John\Desktop\FRST64 - Shortcut.lnk
2014-03-12 05:59 - 2014-03-12 05:59 - 02157056 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-03-12 05:57 - 2014-03-12 05:57 - 01145856 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2014-03-11 22:38 - 2012-05-10 19:27 - 00415008 _____ () C:\Windows\PFRO.log
2014-03-11 22:35 - 2014-03-09 13:17 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-03-11 22:35 - 2012-07-31 12:41 - 00000000 ____D () C:\ProgramData\781287A80008C96702A76687E56C34C7
2014-03-11 22:35 - 2012-07-31 00:04 - 00000000 ____D () C:\ProgramData\781287A80008C96702A766874F147CE7
2014-03-11 22:35 - 2012-05-10 23:03 - 00000000 ____D () C:\Users\John\AppData\Roaming\Adobe
2014-03-11 22:35 - 2012-05-10 19:36 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 22:13 - 2012-05-11 18:19 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2014-03-11 21:49 - 2014-03-11 21:49 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-03-11 21:48 - 2014-03-11 21:48 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 21:46 - 2014-03-11 21:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-10 22:29 - 2014-03-09 15:54 - 00079660 _____ () C:\Users\John\Downloads\OTL.Txt
2014-03-10 22:13 - 2014-03-09 13:38 - 00000000 ____D () C:\AdwCleaner
2014-03-10 21:12 - 2014-03-10 21:10 - 01949184 _____ () C:\Users\John\Downloads\AdwCleaner (1).exe
2014-03-10 20:45 - 2014-03-10 20:45 - 00000803 _____ () C:\Users\John\Desktop\JRT.txt
2014-03-10 20:33 - 2014-03-10 20:33 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (1).exe
2014-03-10 20:22 - 2014-01-22 21:18 - 00000003 _____ () C:\ProgramData\31.nls
2014-03-10 19:50 - 2014-03-10 19:50 - 00000000 ____D () C:\_OTL
2014-03-10 19:47 - 2014-03-10 19:47 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL (1).exe
2014-03-09 22:21 - 2014-03-09 15:26 - 00000003 _____ () C:\d31.nls
2014-03-09 21:51 - 2012-06-07 20:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-09 15:54 - 2014-03-09 15:54 - 00054676 _____ () C:\Users\John\Downloads\Extras.Txt
2014-03-09 15:44 - 2014-03-09 15:44 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL.exe
2014-03-09 15:17 - 2009-11-01 00:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-09 14:59 - 2014-03-09 14:59 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-09 14:59 - 2014-03-09 14:59 - 00000000 ____D () C:\Windows\erdnt
2014-03-09 14:53 - 2014-03-09 14:53 - 05187267 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2014-03-09 14:00 - 2014-03-09 14:00 - 00000000 ____D () C:\Windows\ERUNT
2014-03-09 13:53 - 2014-03-09 13:53 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-03-09 13:46 - 2012-05-11 05:37 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-03-09 13:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration
2014-03-09 13:43 - 2014-03-09 13:27 - 00000003 _____ () C:\ProgramData\ Office Diagnostics Service31.nls
2014-03-09 13:43 - 2012-08-18 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-09 13:38 - 2014-03-09 13:37 - 01244192 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-03-09 13:31 - 2012-05-11 02:08 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-09 13:31 - 2012-05-11 02:08 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-09 13:24 - 2014-03-09 13:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\John\Downloads\revosetup.exe
2014-03-09 13:24 - 2014-03-09 13:24 - 00001264 _____ () C:\Users\John\Desktop\Revo Uninstaller.lnk
2014-03-09 13:24 - 2014-03-09 13:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-09 13:23 - 2013-10-01 20:59 - 00000000 ____D () C:\Users\John\AppData\Local\avgchrome
2014-03-09 13:19 - 2012-05-12 17:00 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA
2014-03-09 13:19 - 2012-05-12 17:00 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core
2014-03-09 13:18 - 2014-01-30 19:43 - 00000162 _____ () C:\extensions.ini
2014-03-09 13:17 - 2012-05-11 05:37 - 00995328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-03-09 13:15 - 2009-07-13 18:19 - 00589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 18:19] - [2014-03-09 13:15] - 0589312 ____A (Microsoft Corporation) 8DDE1A539CBC01AB2D80D1CE61C05A98

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 21:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by John at 2014-03-17 11:11:40
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
AVG 2012 (HKLM\...\AVG) (Version: 2012.0.2197 - AVG Technologies)
AVG 2012 (Version: 12.0.2197 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.6.51 - Conexant)
ConverterLite 1.6.3 (HKLM-x32\...\ConverterLite) (Version: 1.6.3 - ConverterLite)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.2111 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3325 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 4.1.3325 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1005 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.1.1005 - CyberLink Corp.) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Enolsoft Video Converter 3.6.0.0 (HKLM-x32\...\{B0F97B00-8C18-4179-A50F-5C3853FFFD38}}_is1) (Version: - Enolsoft Co., Ltd.)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{EF48631A-7F45-430A-8AD3-B41CFB1D7596}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Smart Web Printing (x32 Version: 131.1.35898 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java™ 6 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Java™ 6 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160150}) (Version: 1.6.0.150 - Sun Microsystems, Inc.)
JollyWallet (HKLM-x32\...\JollyWallet) (Version: 1.24.151.151 - JollyWallet)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Player (HKLM-x32\...\MediaPlayerV1alpha831) (Version: 1.1 - Media Player)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd)
OneTab (HKLM-x32\...\OneTab) (Version: - )
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.2202 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

==================== Restore Points =========================

16-07-2013 03:17:00 Scheduled Checkpoint
08-02-2014 04:38:23 PC Performer Fri, Feb 07, 14 22:38
09-03-2014 18:26:36 Revo Uninstaller's restore point - Live Security Platinum
09-03-2014 20:15:58 Removed Norton Online Backup
15-03-2014 20:43:59 Revo Uninstaller's restore point - Browse for the Cause
15-03-2014 20:48:53 Revo Uninstaller's restore point - Coupon Printer for Windows
15-03-2014 21:03:38 Revo Uninstaller's restore point - Video Player
15-03-2014 21:16:58 Revo Uninstaller's restore point - Video Player
16-03-2014 02:10:26 HPSF Restore Point

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-03-10 20:10 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AAD4595-F3EC-478B-8947-B907FF5F466E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3082703480-1980997582-769674337-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {0C868E18-04F8-49D6-9B85-1EE720BBDF02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0FABB18A-8B2E-4455-A02A-A47C9651151F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {1BAD86B8-63DC-4A76-8E3C-5277306503A2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {20C4017C-8D00-482E-AF43-3AD064D273BF} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {29235771-19EA-40DB-8FC0-3FEA3CA22EA0} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {29B9DF8F-A30C-4016-B200-E50739F2E4DF} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {4499C9A6-7886-474C-8495-1D06389AEC6B} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {53C76335-9511-427D-A8E4-54E1B8A0DE84} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3082703480-1980997582-769674337-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {93FEACA8-0C5E-402F-8E0C-A95443538011} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2014-02-03] (Hewlett-Packard Co.)
Task: {969C5BFD-AE85-4D32-B182-8DF06ABD6663} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {97779F9B-15E0-4D70-A832-D21F19ACF277} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {B675B57A-EE72-4F9B-BF2E-1C2293B5F498} - System32\Tasks\PhotoProduct.exe => C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe [2010-07-01] (Visan / RocketLife)
Task: {E72D6025-3FDD-41C6-B06A-23CEAC1BAAC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {E9FAA79A-D347-4822-BA62-DE9F3E9F523A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {FC399CF8-C6AC-4D52-BE76-41B875B77749} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-11-01 03:05 - 2014-02-04 15:10 - 00811008 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-07-28 18:08 - 2011-07-28 18:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2012-02-20 23:29 - 2012-02-20 23:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 23:28 - 2012-02-20 23:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-28 18:09 - 2011-07-28 18:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-03-15 08:02 - 2014-03-14 19:50 - 00051016 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 08:02 - 2014-03-14 19:50 - 00716616 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 08:02 - 2014-03-14 19:50 - 00100168 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 08:02 - 2014-03-14 19:50 - 04061000 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 08:02 - 2014-03-14 19:50 - 00394568 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 08:02 - 2014-03-14 19:50 - 01647432 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 08:02 - 2014-03-14 19:50 - 13637448 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\drmkaud => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοпđ, νδ℮ άήδ ğм őήťřόℓŀґ !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\drmkaud => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοпđ, νδ℮ άήδ ğм őήťřόℓŀґ !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Internet Access Server
Description: Internet Access Server
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 11:09:07 AM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (03/17/2014 11:04:49 AM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (03/17/2014 11:03:52 AM) (Source: Windows Activation Technologies) (User: )
Description: Health check failure:
hr = 0x8004FE21, HealthStatus: 0x0000000000008001

Error: (03/17/2014 11:03:20 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/17/2014 11:03:16 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/17/2014 11:00:43 AM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (03/17/2014 05:35:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15054

Error: (03/17/2014 05:35:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15054

Error: (03/17/2014 05:35:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/17/2014 05:35:14 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13900


System errors:
=============
Error: (03/17/2014 11:00:49 AM) (Source: NetBT) (User: )
Description: The name "JOHN-PC :20" could not be registered on the interface with IP address 192.168.1.123.
The computer with the IP address 192.168.1.112 did not allow the name to be claimed by
this computer.

Error: (03/17/2014 11:00:49 AM) (Source: NetBT) (User: )
Description: The name "JOHN-PC :0" could not be registered on the interface with IP address 192.168.1.123.
The computer with the IP address 192.168.1.112 did not allow the name to be claimed by
this computer.

Error: (03/17/2014 11:00:49 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{81F105C5-75F7-4B34-BD57-6B3F15F03039} because another computer on the network has the same name. The server could not start.

Error: (03/16/2014 11:32:45 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/16/2014 11:32:45 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/16/2014 11:29:11 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/16/2014 11:29:11 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/16/2014 11:13:35 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/16/2014 11:13:35 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/16/2014 11:13:25 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-03-17 11:11:16.241
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-17 11:11:16.125
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-17 11:11:16.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-17 11:11:15.887
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-16 10:05:53.227
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-16 10:05:53.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-16 10:05:52.988
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-16 10:05:52.852
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-15 15:41:44.707
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-15 15:41:44.597
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 1979.2 MB
Available physical RAM: 1006.84 MB
Total Pagefile: 3958.39 MB
Available Pagefile: 2536.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:220.4 GB) (Free:174 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.29 GB) (Free:2.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (THE_TWO_TOWERS_D2) (CDROM) (Total:4.1 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 0393754D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#18
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Please post the Brand and Model of your computer.

Please download SystemLook from one of the links below and save it to your Desktop.

32 bit Download Mirror #1
32 bit Download Mirror #2


For 64bit systems, Please download SystemLook from the link below and save it to your Desktop.

64 bit Download Mirror

  • Double-click SystemLook.exe (or SystemLook_x64.exe) to run the application.
  • Copy the content of the following quote box into the main textfield:

    :filefind
    conduit

    :folderfind
    conduit

    :regfind
    conduit

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Run this command:

Press the Windows Key + R. Copy and paste the following command and click OK:

CMD /C Reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\UILanguages /s >"%userprofile%\desktop\MUI.txt"

Post the contents of the MUI.txt located on your desktop.
  • 0

#19
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Please have the following file checked at VirusTotal:

C:\Windows\SysWOW64\svchost.exe

Post the link to the scan.
  • 0

#20
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
My laptop is a Compaq Presario CQ60.

Following is the log after running the SystemLook program:

SystemLook 30.07.11 by jpshortstuff
Log created at 05:44 on 19/03/2014 by John
Administrator - Elevation successful

========== filefind ==========

Searching for "conduit"
No files found.

========== folderfind ==========

Searching for "conduit"
No folders found.

========== regfind ==========

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"045F27F206F16624596059B2126D46D0"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\045F27F206F16624596059B2126D46D0]
"File"="iSyncConduit.dll"

-= EOF =-

----------------------------

This is a copy of the MUI.txt:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\UILanguages\en-US
LCID REG_DWORD 0x409
Type REG_DWORD 0x91



Thanks!
  • 0
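The SystemLook result in the post above, as an added example that is not part of the original thread: a small parser that splits the log into its sections and separates registry hits where the search term is only part of a longer file name (as in `iSyncConduit.dll`) from hits where it stands alone. The `ExampleVendor` key is a hypothetical entry constructed to show the second case, and the embedded/standalone split is an assumed review-ordering heuristic, not a verdict on any entry.

```python
import re

# Log text as posted in the thread (banner lines omitted).
POSTED_LOG = r'''========== filefind ==========

Searching for "conduit"
No files found.

========== folderfind ==========

Searching for "conduit"
No folders found.

========== regfind ==========

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"045F27F206F16624596059B2126D46D0"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\045F27F206F16624596059B2126D46D0]
"File"="iSyncConduit.dll"
'''

# Constructed, hypothetical hit (not from the thread) to show a standalone match.
HYPOTHETICAL_HIT = r'''[HKEY_CURRENT_USER\Software\ExampleVendor\Browser]
"Start Page"="http://search.conduit.com/"
'''

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')


def parse_systemlook(text):
    """Split a SystemLook log into {section: {"term": str, "hits": [dict, ...]}}."""
    report, section, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-= EOF =-":
            break
        header = SECTION_RE.match(line)
        if header:
            section, key = header.group(1), None
            report[section] = {"term": None, "hits": []}
            continue
        if section is None or not line or re.fullmatch(r"No \w+ found\.", line):
            continue
        search = SEARCH_RE.match(line)
        if search:
            report[section]["term"] = search.group(1)
            continue
        hits = report[section]["hits"]
        if section == "regfind" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            term = report[section]["term"] or ""
            # A key can match on its own path, with no value line following it.
            if term and term.lower() in key.lower():
                hits.append({"key": key, "name": None, "data": None})
            continue
        value = VALUE_RE.match(line) if section == "regfind" else None
        if value:
            hits.append({"key": key, "name": value["name"], "data": value["data"]})
        else:
            hits.append({"key": None, "name": None, "data": line})
    return report


def classify(term, text):
    """'standalone' if term appears delimited by non-alphanumerics,
    'embedded' if it only appears inside a longer word, None if absent."""
    verdict = None
    for m in re.finditer(re.escape(term), text, re.IGNORECASE):
        before = text[m.start() - 1] if m.start() else ""
        after = text[m.end()] if m.end() < len(text) else ""
        if before.isalnum() or after.isalnum():
            verdict = verdict or "embedded"
        else:
            return "standalone"
    return verdict


def triage(report):
    """Return [(verdict, hit)] for every hit, standalone matches first."""
    out = []
    for section in report.values():
        term = section["term"]
        if not term:
            continue
        for hit in section["hits"]:
            verdicts = {classify(term, field) for field in hit.values() if field}
            if "standalone" in verdicts:
                verdict = "standalone"
            elif "embedded" in verdicts:
                verdict = "embedded"
            else:
                verdict = "unmatched"
            out.append((verdict, hit))
    return sorted(out, key=lambda pair: pair[0] != "standalone")


if __name__ == "__main__":
    for verdict, hit in triage(parse_systemlook(POSTED_LOG + HYPOTHETICAL_HIT)):
        print(f"{verdict:10} {hit['key']} -> {hit['data']}")
```
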

#21
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous. As a precaution, we will make a backup of the registry first.

Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing. Please follow the steps that are listed below EXACTLY. If you cannot perform some of these steps, or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Download the enclosed folder. Attached File  Regfix.zip   323bytes   43 downloads

Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg. Once extracted, open the folder and double click on the Regfix.reg file and select Yes when prompted to merge it into the registry.

I will browse HP for your model.
  • 0

#22
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Download AIDA64 Extreme Edition trial version from here. Install the application and follow the prompts (Allow an icon on the desktop). Once completed, right click on the AIDA64 Extreme Edition icon and select "Run as administrator". Click on Report and select Report wizard. Create a hardware report as a text file, save the file on the desktop. Attach a copy of this report on your reply.

Please have the following file checked at VirusTotal:

C:\Windows\SysWOW64\svchost.exe

Post the link to the scan.
  • 0

#23
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
I modified the registry as you told me to do.

I will now attach the AIDA64 Report file.

I am still working on checking the file at VirusTotal.

  • 0

#24
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Here is the link to the scan I did on VirusTotal. I hope I did this right.

https://www.virustot...sis/1395315028/
  • 0

#25
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
The backup of the 32bit svchost.exe looks similar to the one in the SysWOW64 folder, but let's replace it.

Download the enclosed file. Attached File  fixlist.txt   175bytes   69 downloads

Save it in the same location FRST is saved.

Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the same location FRST is saved, (Fixlog.txt). Please post it to your reply.

Restart the computer.

Please check the C:\Windows\SysWOW64\svchost.exe once again at VirusTotal and post the link to the scan. If you receive a message that that file has been scanned, select re-scan the file.

Are you still receiving the "not running genuine Windows" message?
  • 0

#26
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Here is the new fixlog report:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by John at 2014-03-21 05:54:59 Run:3
Running from C:\Users\John\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Replace: C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe C:\Windows\SysWOW64\svchost.exe
End
*****************

C:\Windows\SysWOW64\svchost.exe => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe copied successfully to C:\Windows\SysWOW64\svchost.exe

==== End of Fixlog ====


I restarted the computer and rescanned the svchost.exe file in VirusTotal. Here is the link to the new scan.
https://www.virustot...sis/1395399955/

So far the "not running genuine Windows" screen has not come up. I will have to use the computer a little longer to double check that. Sometimes it takes a while for it to come up. But hopefully it is gone!

Thanks.

Melanie
  • 0
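
The Replace step in the Fixlog above copies the component-store (winsxs) svchost.exe over the SysWOW64 one. The script below is an added example, not part of the thread or of FRST: it records size, version and SHA-256 for both paths named in the Fixlog and reports whether they are byte-identical. The function names are hypothetical, and it assumes an elevated PowerShell 2.0 or later prompt.

```powershell
# Added example (not from the thread). Runs on PowerShell 2.0, the Windows 7 default.
# Both paths are the ones named in the Fixlog on this page.
$live   = 'C:\Windows\SysWOW64\svchost.exe'
$source = 'C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe'

# Hypothetical helper: SHA-256 of a file as lowercase hex, without Get-FileHash
# (that cmdlet only exists from PowerShell 4.0 onwards).
function Get-Sha256Hex {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

# Hypothetical helper: the facts worth comparing between two copies of a system file.
function Get-FileFacts {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }
    $item = Get-Item -LiteralPath $Path -Force
    New-Object PSObject -Property @{
        Path        = $Path
        Length      = $item.Length
        FileVersion = $item.VersionInfo.FileVersion
        Company     = $item.VersionInfo.CompanyName
        SHA256      = Get-Sha256Hex -Path $Path
    }
}

$a = Get-FileFacts -Path $live
$b = Get-FileFacts -Path $source
$a, $b | Format-List Path, Length, FileVersion, Company, SHA256

if ($a.SHA256 -eq $b.SHA256) {
    # Equal hashes prove only that the copy succeeded, not that the source is clean.
    Write-Output 'MATCH: SysWOW64 copy is byte-identical to the component-store copy.'
} else {
    Write-Output 'MISMATCH: the Replace did not take effect or the file changed afterwards.'
}
```

The SHA256 value it prints can be searched on VirusTotal directly, which confirms that the report being read belongs to the file currently on disk.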

#27
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
So far I still have not seen the "not running genuine Windows" screen come up, so that is great.

I want to ask you about something else which may or may not be related. I was checking to see if Windows Defender was on and working on this computer. I got a message that said there was some problem preventing it from starting. The button I clicked on to start Windows Defender just caused the computer to run for a few seconds and then the whole thing just "x'd" itself out. Is this related to the problem I am currently having?

Also, I should mention that so far I have not had that other website come up when I start the internet. The computer has been going to my Google homepage.

Thanks!
  • 0

#28
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts

I want to ask you about something else which may or may not be related. I was checking to see if Windows Defender was on and working on this computer. I got a message that said there was some problem preventing it from starting. The button I clicked on to start Windows Defender just caused the computer to run for a few seconds and then the whole thing just "x'd" itself out. Is this related to the problem I am currently having?


It may certainly be. I find no reference to the current 32bit svchost.exe file, virusscan detects it as malware, and its backup seems infected also. Do you have the installation DVD?
  • 0

#29
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
The installation for which item?
  • 0

#30
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Windows 7 Install DVD.
  • 0
