
Pop Ups & Ads have taken over laptop [Solved]



#31
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
I will look for the Windows 7 CD. I don't know if we still have it.

Also, the "not running genuine Windows" screen came up again this morning.

I'll get back to you soon.

Melanie
  • 0



#32
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
:thumbsup:
  • 0

#33
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
What I have found is a disc that is called "Application and Driver Recovery DVD." Will this work? I also have two Microsoft Vista recovery discs but they go to Dell computers. Not sure if that helps...

Melanie
  • 0

#34
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
No, none will do.

Go to Start -> All Programs -> Windows Updates. See if there are updates available. I wonder why you still haven't updated to SP1.
  • 0

#35
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts

When I try to check for updates it says "Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer." (But I just turned my computer on).  I checked and it is supposed to automatically update every day.  On the update page there is a red shield with a big white "x" in it like something is wrong.  

 

Also, you asked about SP1 but I don't know what that is.

 

Melanie


Edited by mckinney7, 24 March 2014 - 05:10 AM.

  • 0

#36
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts

On the list of installed updates, the last security update for Windows was in July 2012. Not good.


  • 0

#37
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

Download Farbar Service Scanner to your desktop.

 

http://www.bleepingc...ervice-scanner/

 

Open FSS and check all boxes. Click on the Scan button. Post the FSS.txt that would be created on your desktop.


  • 0

#38
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts

Sorry I didn't reply to this sooner.  I missed your post.  Here is the log from the FSS scan:

 

Farbar Service Scanner Version: 25-02-2014
Ran by John (administrator) on 27-03-2014 at 06:10:01
Running from "C:\Users\John\Desktop"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
 
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
 
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-07-13 18:39] - [2014-01-22 21:07] - 2170368 ____A (Microsoft Corporation) CD3B26E26B6F63118F46CED78C699D3B
 
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

  • 0

#39
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • In the search box, type the following: vssvc.exe
  • Press Search button.
  • It will make a log (Search.txt) in the same directory the tool is run. Please copy and paste it to your reply.

Download Services Repair tool, available here, and save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not, please manually reboot the computer.

After the re-boot, re-run Farbar's Service Scanner and post the new report.


  • 0

#40
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts

Hi,

 

I ran the FRST tool and here is my first report:

 

Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by John at 2014-03-28 06:19:54
Running from C:\Users\John\Desktop
Boot Mode: Normal
 
================== Search: "vssvc.exe" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe
[2009-07-13 18:39] - [2014-01-22 21:07] - 2170368 ____A (Microsoft Corporation) CD3B26E26B6F63118F46CED78C699D3B
 
C:\Windows\System32\VSSVC.exe
[2009-07-13 18:39] - [2014-01-22 21:07] - 2170368 ____A (Microsoft Corporation) CD3B26E26B6F63118F46CED78C699D3B
 
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08\VSSVC.exe
[2012-05-16 17:39] - [2010-11-20 08:25] - 1600512 ____A (Microsoft Corporation) B60BA0BC31B0CB414593E169F6F21CC2
 
====== End Of Search ======

  • 0



#41
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts

When I try to download the Services Repair tool it says "This file is malicious and Chrome has blocked it."  There are no options given.  What do you want me to do?


  • 0

#42
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

Quoting mckinney7:

    When I try to download the Services Repair tool it says "This file is malicious and Chrome has blocked it." There are no options given. What do you want me to do?

Go to the menu (three horizontal lines on the upper right side of your monitor) and select Settings. Scroll down to Show Advanced settings and deselect Enable phishing and malware protection. This is temporary, until the scan is done.

 

Download the enclosed file. Attached file: fixlist.txt (223 bytes)

 

Save it in the same location FRST is saved.

 

Open FRST and click on the Fix button.

 

A fixlog.txt will be produced, post its contents to a reply.


  • 0

#43
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts

Here is the latest fixlog.txt you requested:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by John at 2014-03-29 08:10:16 Run:4
Running from C:\Users\John\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Replace: C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08\VSSVC.exe C:\Windows\System32\VSSVC.exe
End
*****************
 
C:\Windows\System32\VSSVC.exe => Moved successfully.
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08\VSSVC.exe copied successfully to C:\Windows\System32\VSSVC.exe
 
==== End of Fixlog ====

  • 0

#44
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

Go to the menu (three horizontal lines on the upper right side of your monitor) and select Settings. Scroll down to Show Advanced settings and deselect Enable phishing and malware protection. This is temporary, until the scan is done.

 

Now, download Services Repair tool, available here, and save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not, please manually reboot the computer.

After the re-boot, re-run Farbar's Service Scanner and post the new report.


  • 0

#45
mckinney7

mckinney7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts

I performed the Service Repair, rebooted and rescanned using FRST.  Here is the new FRST report:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by John (administrator) on JOHN-PC on 31-03-2014 16:35:19
Running from C:\Users\John\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(WildTangent, Inc.) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\system32\wbengine.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Google) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Farbar) C:\Users\John\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-01] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-11-01] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [622592 2014-03-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-06-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3082703480-1980997582-769674337-1000\...\Run: [Google Update] - C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-11] (Google Inc.)
HKU\S-1-5-21-3082703480-1980997582-769674337-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [602624 2014-03-22] (Google Inc.)
HKU\S-1-5-21-3082703480-1980997582-769674337-1000\...\Policies\Explorer: [HideSCAHealth] 1
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 173.244.132.86 173.244.132.254
Tcpip\..\Interfaces\{81F105C5-75F7-4B34-BD57-6B3F15F03039}: [NameServer]76.73.7.75,107.6.133.7
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]76.73.7.75,107.6.133.7
Tcpip\..\Interfaces\{F19EA1D7-803A-4B44-B142-1BA0BAACFDCE}: [NameServer]76.73.7.75,107.6.133.7
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U15) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-12]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-12]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-19]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-02]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-12]
CHR HKLM-x32\...\Chrome\Extension: [ebplnjmfmakhhedomfffdiekifpdffnd] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ch\MediaViewV1alpha7893.crx [2012-05-12]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-19]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [oobclncfihjeobfooihfhglbfloocnkg] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5635\ch\VideoPlayerV3beta5635.crx [2011-12-12]
CHR StartMenuInternet: Google Chrome - C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5721600 2014-01-22] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [754688 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [811008 2014-02-04] ()
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-31 16:29 - 2014-03-31 16:30 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-03-31 16:28 - 2014-03-31 16:28 - 04009167 _____ () C:\Users\John\Desktop\ServicesRepair.exe
2014-03-28 06:19 - 2014-03-31 16:35 - 00009669 _____ () C:\Users\John\Desktop\FRST.txt
2014-03-28 06:19 - 2014-03-28 06:21 - 00000906 _____ () C:\Users\John\Desktop\Search.txt
2014-03-28 06:17 - 2014-03-28 06:17 - 02157056 _____ (Farbar) C:\Users\John\Desktop\FRST64 (1).exe
2014-03-27 06:10 - 2014-03-27 06:10 - 00005139 _____ () C:\Users\John\Desktop\FSS.txt
2014-03-27 06:09 - 2014-03-27 06:09 - 00409600 _____ (Farbar) C:\Users\John\Desktop\FSS.exe
2014-03-20 06:15 - 2014-03-20 06:15 - 00384084 _____ () C:\Users\John\Desktop\AIDA64 Report.txt
2014-03-20 06:14 - 2014-03-20 06:14 - 00000000 ____D () C:\Users\John\Documents\AIDA64 Reports
2014-03-20 06:13 - 2014-03-20 06:13 - 00001175 _____ () C:\Users\John\Desktop\AIDA64 Extreme.lnk
2014-03-20 06:13 - 2014-03-20 06:13 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2014-03-20 06:10 - 2014-03-20 06:11 - 15834968 _____ (FinalWire Ltd. ) C:\Users\John\Downloads\aida64extreme420.exe
2014-03-20 06:09 - 2014-03-20 06:09 - 00000000 ____D () C:\Users\John\Desktop\Regfix (1)
2014-03-20 06:08 - 2014-03-20 06:08 - 00000323 _____ () C:\Users\John\Downloads\Regfix.zip
2014-03-20 06:08 - 2014-03-20 06:08 - 00000323 _____ () C:\Users\John\Desktop\Regfix (1).zip
2014-03-20 06:05 - 2014-03-20 06:05 - 00000924 _____ () C:\Users\John\Desktop\NTREGOPT.lnk
2014-03-20 06:05 - 2014-03-20 06:05 - 00000905 _____ () C:\Users\John\Desktop\ERUNT.lnk
2014-03-20 06:05 - 2014-03-20 06:05 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-03-20 06:03 - 2014-03-20 06:03 - 00791393 _____ (Lars Hederer ) C:\Users\John\Downloads\erunt-setup.exe
2014-03-19 05:53 - 2014-03-19 05:53 - 00000142 _____ () C:\Users\John\Desktop\MUI.txt
2014-03-19 05:44 - 2014-03-19 05:46 - 00001602 _____ () C:\Users\John\Desktop\SystemLook.txt
2014-03-19 05:40 - 2014-03-19 05:40 - 00165376 _____ () C:\Users\John\Desktop\SystemLook_x64.exe
2014-03-17 11:07 - 2014-03-17 11:09 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-15 16:41 - 2014-03-15 16:42 - 00001599 _____ () C:\Users\John\Downloads\Search.txt
2014-03-12 06:02 - 2014-03-12 06:02 - 00068684 _____ () C:\Users\John\Downloads\Shortcut.txt
2014-03-12 06:01 - 2014-03-17 11:12 - 00034009 _____ () C:\Users\John\Downloads\Addition.txt
2014-03-12 06:01 - 2014-03-17 11:12 - 00026813 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-12 06:00 - 2014-03-31 16:35 - 00000000 ____D () C:\FRST
2014-03-12 06:00 - 2014-03-12 06:00 - 00001392 _____ () C:\Users\John\Desktop\FRST64 - Shortcut.lnk
2014-03-12 05:59 - 2014-03-12 05:59 - 02157056 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-03-12 05:57 - 2014-03-12 05:57 - 01145856 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2014-03-11 21:49 - 2014-03-11 21:49 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-03-11 21:48 - 2014-03-11 21:48 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 21:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-11 21:42 - 2014-03-11 21:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-10 21:10 - 2014-03-10 21:12 - 01949184 _____ () C:\Users\John\Downloads\AdwCleaner (1).exe
2014-03-10 20:45 - 2014-03-10 20:45 - 00000803 _____ () C:\Users\John\Desktop\JRT.txt
2014-03-10 20:37 - 2014-03-29 08:15 - 00000003 _____ () C:\ProgramData\2psvc31.nls
2014-03-10 20:33 - 2014-03-10 20:33 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (1).exe
2014-03-10 19:50 - 2014-03-10 19:50 - 00000000 ____D () C:\_OTL
2014-03-10 19:47 - 2014-03-10 19:47 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL (1).exe
2014-03-09 15:54 - 2014-03-10 22:29 - 00079660 _____ () C:\Users\John\Downloads\OTL.Txt
2014-03-09 15:54 - 2014-03-09 15:54 - 00054676 _____ () C:\Users\John\Downloads\Extras.Txt
2014-03-09 15:44 - 2014-03-09 15:44 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL.exe
2014-03-09 15:26 - 2014-03-09 22:21 - 00000003 _____ () C:\d31.nls
2014-03-09 14:59 - 2014-03-20 06:07 - 00000000 ____D () C:\Windows\erdnt
2014-03-09 14:59 - 2014-03-09 14:59 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-09 14:53 - 2014-03-09 14:53 - 05187267 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2014-03-09 14:00 - 2014-03-09 14:00 - 00000000 ____D () C:\Windows\ERUNT
2014-03-09 13:53 - 2014-03-09 13:53 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-03-09 13:38 - 2014-03-10 22:13 - 00000000 ____D () C:\AdwCleaner
2014-03-09 13:37 - 2014-03-09 13:38 - 01244192 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-03-09 13:27 - 2014-03-09 13:43 - 00000003 _____ () C:\ProgramData\ Office Diagnostics Service31.nls
2014-03-09 13:24 - 2014-03-09 13:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\John\Downloads\revosetup.exe
2014-03-09 13:24 - 2014-03-09 13:24 - 00001264 _____ () C:\Users\John\Desktop\Revo Uninstaller.lnk
2014-03-09 13:24 - 2014-03-09 13:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-09 13:17 - 2014-03-11 22:35 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
 
==================== One Month Modified Files and Folders =======
 
2014-03-31 16:35 - 2014-03-28 06:19 - 00009669 _____ () C:\Users\John\Desktop\FRST.txt
2014-03-31 16:35 - 2014-03-12 06:00 - 00000000 ____D () C:\FRST
2014-03-31 16:33 - 2012-05-11 02:08 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 16:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 16:31 - 2009-07-13 23:51 - 00209490 _____ () C:\Windows\setupact.log
2014-03-31 16:30 - 2014-03-31 16:29 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-03-31 16:30 - 2012-05-12 17:00 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA.job
2014-03-31 16:30 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 16:30 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 16:28 - 2014-03-31 16:28 - 04009167 _____ () C:\Users\John\Desktop\ServicesRepair.exe
2014-03-31 16:27 - 2012-05-11 18:19 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2014-03-29 08:15 - 2014-03-10 20:37 - 00000003 _____ () C:\ProgramData\2psvc31.nls
2014-03-29 08:14 - 2009-07-13 18:39 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-03-29 08:11 - 2009-07-14 00:13 - 00726142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-28 06:21 - 2014-03-28 06:19 - 00000906 _____ () C:\Users\John\Desktop\Search.txt
2014-03-28 06:17 - 2014-03-28 06:17 - 02157056 _____ (Farbar) C:\Users\John\Desktop\FRST64 (1).exe
2014-03-27 16:36 - 2012-05-11 02:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 16:01 - 2012-05-11 02:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 14:30 - 2012-05-12 17:00 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core.job
2014-03-27 14:25 - 2012-05-12 17:00 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA
2014-03-27 14:25 - 2012-05-12 17:00 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core
2014-03-27 13:56 - 2009-07-13 20:05 - 04093952 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-03-27 06:10 - 2014-03-27 06:10 - 00005139 _____ () C:\Users\John\Desktop\FSS.txt
2014-03-27 06:09 - 2014-03-27 06:09 - 00409600 _____ (Farbar) C:\Users\John\Desktop\FSS.exe
2014-03-24 06:07 - 2010-01-09 10:25 - 01659771 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 17:45 - 2013-05-13 23:56 - 00000000 ____D () C:\Program Files (x86)\ConverterLite
2014-03-21 15:00 - 2012-05-12 01:19 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-03-21 14:26 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-03-20 06:15 - 2014-03-20 06:15 - 00384084 _____ () C:\Users\John\Desktop\AIDA64 Report.txt
2014-03-20 06:14 - 2014-03-20 06:14 - 00000000 ____D () C:\Users\John\Documents\AIDA64 Reports
2014-03-20 06:13 - 2014-03-20 06:13 - 00001175 _____ () C:\Users\John\Desktop\AIDA64 Extreme.lnk
2014-03-20 06:13 - 2014-03-20 06:13 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2014-03-20 06:11 - 2014-03-20 06:10 - 15834968 _____ (FinalWire Ltd. ) C:\Users\John\Downloads\aida64extreme420.exe
2014-03-20 06:09 - 2014-03-20 06:09 - 00000000 ____D () C:\Users\John\Desktop\Regfix (1)
2014-03-20 06:08 - 2014-03-20 06:08 - 00000323 _____ () C:\Users\John\Downloads\Regfix.zip
2014-03-20 06:08 - 2014-03-20 06:08 - 00000323 _____ () C:\Users\John\Desktop\Regfix (1).zip
2014-03-20 06:07 - 2014-03-09 14:59 - 00000000 ____D () C:\Windows\erdnt
2014-03-20 06:05 - 2014-03-20 06:05 - 00000924 _____ () C:\Users\John\Desktop\NTREGOPT.lnk
2014-03-20 06:05 - 2014-03-20 06:05 - 00000905 _____ () C:\Users\John\Desktop\ERUNT.lnk
2014-03-20 06:05 - 2014-03-20 06:05 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-03-20 06:03 - 2014-03-20 06:03 - 00791393 _____ (Lars Hederer ) C:\Users\John\Downloads\erunt-setup.exe
2014-03-19 05:53 - 2014-03-19 05:53 - 00000142 _____ () C:\Users\John\Desktop\MUI.txt
2014-03-19 05:46 - 2014-03-19 05:44 - 00001602 _____ () C:\Users\John\Desktop\SystemLook.txt
2014-03-19 05:45 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-03-19 05:42 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 05:40 - 2014-03-19 05:40 - 00165376 _____ () C:\Users\John\Desktop\SystemLook_x64.exe
2014-03-17 11:12 - 2014-03-12 06:01 - 00034009 _____ () C:\Users\John\Downloads\Addition.txt
2014-03-17 11:12 - 2014-03-12 06:01 - 00026813 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-17 11:09 - 2014-03-17 11:07 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-15 16:42 - 2014-03-15 16:41 - 00001599 _____ () C:\Users\John\Downloads\Search.txt
2014-03-15 16:37 - 2013-09-29 15:43 - 00000008 __RSH () C:\Users\John\ntuser.pol
2014-03-15 16:37 - 2012-05-10 19:30 - 00000000 ____D () C:\Users\John
2014-03-15 16:28 - 2014-01-30 19:43 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-15 16:26 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-15 08:02 - 2012-05-12 17:01 - 00002321 _____ () C:\Users\John\Desktop\Google Chrome.lnk
2014-03-12 06:02 - 2014-03-12 06:02 - 00068684 _____ () C:\Users\John\Downloads\Shortcut.txt
2014-03-12 06:00 - 2014-03-12 06:00 - 00001392 _____ () C:\Users\John\Desktop\FRST64 - Shortcut.lnk
2014-03-12 05:59 - 2014-03-12 05:59 - 02157056 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-03-12 05:57 - 2014-03-12 05:57 - 01145856 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2014-03-11 22:38 - 2012-05-10 19:27 - 00415008 _____ () C:\Windows\PFRO.log
2014-03-11 22:35 - 2014-03-09 13:17 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-03-11 22:35 - 2012-07-31 12:41 - 00000000 ____D () C:\ProgramData\781287A80008C96702A76687E56C34C7
2014-03-11 22:35 - 2012-07-31 00:04 - 00000000 ____D () C:\ProgramData\781287A80008C96702A766874F147CE7
2014-03-11 22:35 - 2012-05-10 23:03 - 00000000 ____D () C:\Users\John\AppData\Roaming\Adobe
2014-03-11 22:35 - 2012-05-10 19:36 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 21:49 - 2014-03-11 21:49 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-03-11 21:48 - 2014-03-11 21:48 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 21:46 - 2014-03-11 21:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-10 22:29 - 2014-03-09 15:54 - 00079660 _____ () C:\Users\John\Downloads\OTL.Txt
2014-03-10 22:13 - 2014-03-09 13:38 - 00000000 ____D () C:\AdwCleaner
2014-03-10 21:12 - 2014-03-10 21:10 - 01949184 _____ () C:\Users\John\Downloads\AdwCleaner (1).exe
2014-03-10 20:45 - 2014-03-10 20:45 - 00000803 _____ () C:\Users\John\Desktop\JRT.txt
2014-03-10 20:33 - 2014-03-10 20:33 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (1).exe
2014-03-10 20:22 - 2014-01-22 21:18 - 00000003 _____ () C:\ProgramData\31.nls
2014-03-10 19:50 - 2014-03-10 19:50 - 00000000 ____D () C:\_OTL
2014-03-10 19:47 - 2014-03-10 19:47 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL (1).exe
2014-03-09 22:21 - 2014-03-09 15:26 - 00000003 _____ () C:\d31.nls
2014-03-09 21:51 - 2012-06-07 20:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-09 15:54 - 2014-03-09 15:54 - 00054676 _____ () C:\Users\John\Downloads\Extras.Txt
2014-03-09 15:44 - 2014-03-09 15:44 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL.exe
2014-03-09 15:17 - 2009-11-01 00:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-09 14:59 - 2014-03-09 14:59 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-09 14:53 - 2014-03-09 14:53 - 05187267 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2014-03-09 14:00 - 2014-03-09 14:00 - 00000000 ____D () C:\Windows\ERUNT
2014-03-09 13:53 - 2014-03-09 13:53 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-03-09 13:46 - 2012-05-11 05:37 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-03-09 13:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration
2014-03-09 13:43 - 2014-03-09 13:27 - 00000003 _____ () C:\ProgramData\ Office Diagnostics Service31.nls
2014-03-09 13:43 - 2012-08-18 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-09 13:38 - 2014-03-09 13:37 - 01244192 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-03-09 13:31 - 2012-05-11 02:08 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-09 13:31 - 2012-05-11 02:08 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-09 13:24 - 2014-03-09 13:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\John\Downloads\revosetup.exe
2014-03-09 13:24 - 2014-03-09 13:24 - 00001264 _____ () C:\Users\John\Desktop\Revo Uninstaller.lnk
2014-03-09 13:24 - 2014-03-09 13:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-09 13:23 - 2013-10-01 20:59 - 00000000 ____D () C:\Users\John\AppData\Local\avgchrome
2014-03-09 13:18 - 2014-01-30 19:43 - 00000162 _____ () C:\extensions.ini
2014-03-09 13:17 - 2012-05-11 05:37 - 00995328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-03-09 13:15 - 2009-07-13 18:19 - 00589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 18:19] - [2014-03-09 13:15] - 0589312 ____A (Microsoft Corporation) 8DDE1A539CBC01AB2D80D1CE61C05A98
 
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 20:07
 
==================== End Of Log ============================

  • 0





