[mckinney7]

I will look for the Windows 7 CD. I don't know if we still have it.

Also, the "not running genuine Windows" screen came up again this morning.

I'll get back to you soon.

Melanie

[Advertisements]

[JSntgRvr]

[mckinney7]

What I have found is a disc that is called "Application and Driver Recovery DVD." Will this work? I also have two Microsoft Vista recovery discs but they go to Dell computers. Not sure if that helps...

Melanie

[JSntgRvr]

No, none will do.

Go to Start -> All Programs -> Windows Updates. See if there are updates available. Wonder why you still haven't update to SP1.

[mckinney7]

When I try to check for updates it says "Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer." (But I just turned my computer on).  I checked and it is supposed to automatically update every day.  On the update page there is a red shield with a big white "x" in it like something is wrong.  

 

Also, you asked about SP1 but I don't know what that is.

 

Melanie

Edited by mckinney7, 24 March 2014 - 05:10 AM.

[mckinney7]

On the list of installed updates, the last security update for windows was in July 2012.  Not good.

[JSntgRvr]

Download and Farbar service scanner to your desktop.

 

http://www.bleepingc...ervice-scanner/

 

Open FSS and check all boxes. Click on the Scan button. Post the FSS.txt that would be created on your desktop.

[mckinney7]

Sorry I didn't reply to this sooner.  I missed your post.  Here is the log from the FSS scan:

 

Farbar Service Scanner Version: 25-02-2014

Ran by John (administrator) on 27-03-2014 at 06:10:01

Running from "C:\Users\John\Desktop"

Microsoft Windows 7 Home Premium   (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

 

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

 

 

Firewall Disabled Policy: 

==================

"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is set to Disabled. The default start type is Auto.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

 

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

 

 

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

 

BITS Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

 

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Disabled. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Other Services:

==============

Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

 

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe

[2009-07-13 18:39] - [2014-01-22 21:07] - 2170368 ____A (Microsoft Corporation) CD3B26E26B6F63118F46CED78C699D3B

 

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

[JSntgRvr]

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• On the search box type the following: vssvc.exe
• Press Search button.
• It will make a log (Search.txt) in the same directory the tool is run. Please copy and paste it to your reply.

Download Services Repair tool, available here, and save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not, please manually reboot the computer.

After the re-boot, re-run Farbar's Service Scanner and post the new report.

[mckinney7]

Hi,

 

I ran the FRST tool and here is my first report:

 

Farbar Recovery Scan Tool (x64) Version: 13-03-2014

Ran by John at 2014-03-28 06:19:54

Running from C:\Users\John\Desktop

Boot Mode: Normal

 

================== Search: "vssvc.exe" ===================

 

C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe

[2009-07-13 18:39] - [2014-01-22 21:07] - 2170368 ____A (Microsoft Corporation) CD3B26E26B6F63118F46CED78C699D3B

 

C:\Windows\System32\VSSVC.exe

[2009-07-13 18:39] - [2014-01-22 21:07] - 2170368 ____A (Microsoft Corporation) CD3B26E26B6F63118F46CED78C699D3B

 

C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08\VSSVC.exe

[2012-05-16 17:39] - [2010-11-20 08:25] - 1600512 ____A (Microsoft Corporation) B60BA0BC31B0CB414593E169F6F21CC2

 

====== End Of Search ======

[mckinney7]

When I try to download the Services Repair tool it says "This file is malicious and Chrome has blocked it."  There are no options given.  What do you want me to do?

[JSntgRvr]

When I try to download the Services Repair tool it says "This file is malicious and Chrome has blocked it."  There are no options given.  What do you want me to do?

Go to the menu (three horizontal lines on the upper right side of your monitor) and select Settings. Scroll down to Show Advanced settings and deselect Enable phishing and malware protection. This is temporarily. Until the scan is done.

 

Download the enclosed file. 

 

Save it in the same location FRST is saved.

 

Open FRST and click on the Fix button.

 

A fixlog.txt will be produced, post its contents to a reply.

[mckinney7]

Here is the latest fixlog.txt you requested:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014

Ran by John at 2014-03-29 08:10:16 Run:4

Running from C:\Users\John\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

Replace: C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08\VSSVC.exe C:\Windows\System32\VSSVC.exe

End

*****************

 

C:\Windows\System32\VSSVC.exe => Moved successfully.

C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08\VSSVC.exe copied successfully to C:\Windows\System32\VSSVC.exe

 

==== End of Fixlog ====

[JSntgRvr]

Go to the menu (three horizontal lines on the upper right side of your monitor) and select Settings. Scroll down to Show Advanced settings and deselect Enable phishing and malware protection. This is temporarily. Until the scan is done.

 

Now, download Services Repair tool, available here, and save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not, please manually reboot the computer.

After the re-boot, re-run Farbar's Service Scanner and post the new report.

[mckinney7]

I performed the Service Repair, rebooted and rescanned using FRST.  Here is the new FRST report:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by John (administrator) on JOHN-PC on 31-03-2014 16:35:19

Running from C:\Users\John\Desktop

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

(WildTangent, Inc.) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\system32\msiexec.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Microsoft Corporation) C:\Windows\system32\wbengine.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe

(Google Inc.) C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

(Google) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

(Farbar) C:\Users\John\Desktop\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-01] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-11-01] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [622592 2014-03-21] (Apple Inc.)

HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-06-19] (RealNetworks, Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-21-3082703480-1980997582-769674337-1000\...\Run: [Google Update] - C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-11] (Google Inc.)

HKU\S-1-5-21-3082703480-1980997582-769674337-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [602624 2014-03-22] (Google Inc.)

HKU\S-1-5-21-3082703480-1980997582-769674337-1000\...\Policies\Explorer: [HideSCAHealth] 1

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 173.244.132.86 173.244.132.254

Tcpip\..\Interfaces\{81F105C5-75F7-4B34-BD57-6B3F15F03039}: [NameServer]76.73.7.75,107.6.133.7

Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]76.73.7.75,107.6.133.7

Tcpip\..\Interfaces\{F19EA1D7-803A-4B44-B142-1BA0BAACFDCE}: [NameServer]76.73.7.75,107.6.133.7

 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java™ Platform SE 6 U15) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File

CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-12]

CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-12]

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-19]

CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]

CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-02]

CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-12]

CHR HKLM-x32\...\Chrome\Extension: [ebplnjmfmakhhedomfffdiekifpdffnd] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ch\MediaViewV1alpha7893.crx [2012-05-12]

CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-19]

CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

CHR HKLM-x32\...\Chrome\Extension: [oobclncfihjeobfooihfhglbfloocnkg] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5635\ch\VideoPlayerV3beta5635.crx [2011-12-12]

CHR StartMenuInternet: Google Chrome - C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5721600 2014-01-22] (AVG Technologies CZ, s.r.o.)

S4 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [754688 2014-01-22] (AVG Technologies CZ, s.r.o.)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [811008 2014-02-04] ()

 

==================== Drivers (Whitelisted) ====================

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )

S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)

R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-31 16:29 - 2014-03-31 16:30 - 00000000 ____D () C:\Users\Public\Desktop\CC Support

2014-03-31 16:28 - 2014-03-31 16:28 - 04009167 _____ () C:\Users\John\Desktop\ServicesRepair.exe

2014-03-28 06:19 - 2014-03-31 16:35 - 00009669 _____ () C:\Users\John\Desktop\FRST.txt

2014-03-28 06:19 - 2014-03-28 06:21 - 00000906 _____ () C:\Users\John\Desktop\Search.txt

2014-03-28 06:17 - 2014-03-28 06:17 - 02157056 _____ (Farbar) C:\Users\John\Desktop\FRST64 (1).exe

2014-03-27 06:10 - 2014-03-27 06:10 - 00005139 _____ () C:\Users\John\Desktop\FSS.txt

2014-03-27 06:09 - 2014-03-27 06:09 - 00409600 _____ (Farbar) C:\Users\John\Desktop\FSS.exe

2014-03-20 06:15 - 2014-03-20 06:15 - 00384084 _____ () C:\Users\John\Desktop\AIDA64 Report.txt

2014-03-20 06:14 - 2014-03-20 06:14 - 00000000 ____D () C:\Users\John\Documents\AIDA64 Reports

2014-03-20 06:13 - 2014-03-20 06:13 - 00001175 _____ () C:\Users\John\Desktop\AIDA64 Extreme.lnk

2014-03-20 06:13 - 2014-03-20 06:13 - 00000000 ____D () C:\Program Files (x86)\FinalWire

2014-03-20 06:10 - 2014-03-20 06:11 - 15834968 _____ (FinalWire Ltd. ) C:\Users\John\Downloads\aida64extreme420.exe

2014-03-20 06:09 - 2014-03-20 06:09 - 00000000 ____D () C:\Users\John\Desktop\Regfix (1)

2014-03-20 06:08 - 2014-03-20 06:08 - 00000323 _____ () C:\Users\John\Downloads\Regfix.zip

2014-03-20 06:08 - 2014-03-20 06:08 - 00000323 _____ () C:\Users\John\Desktop\Regfix (1).zip

2014-03-20 06:05 - 2014-03-20 06:05 - 00000924 _____ () C:\Users\John\Desktop\NTREGOPT.lnk

2014-03-20 06:05 - 2014-03-20 06:05 - 00000905 _____ () C:\Users\John\Desktop\ERUNT.lnk

2014-03-20 06:05 - 2014-03-20 06:05 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-03-20 06:03 - 2014-03-20 06:03 - 00791393 _____ (Lars Hederer ) C:\Users\John\Downloads\erunt-setup.exe

2014-03-19 05:53 - 2014-03-19 05:53 - 00000142 _____ () C:\Users\John\Desktop\MUI.txt

2014-03-19 05:44 - 2014-03-19 05:46 - 00001602 _____ () C:\Users\John\Desktop\SystemLook.txt

2014-03-19 05:40 - 2014-03-19 05:40 - 00165376 _____ () C:\Users\John\Desktop\SystemLook_x64.exe

2014-03-17 11:07 - 2014-03-17 11:09 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe

2014-03-15 16:41 - 2014-03-15 16:42 - 00001599 _____ () C:\Users\John\Downloads\Search.txt

2014-03-12 06:02 - 2014-03-12 06:02 - 00068684 _____ () C:\Users\John\Downloads\Shortcut.txt

2014-03-12 06:01 - 2014-03-17 11:12 - 00034009 _____ () C:\Users\John\Downloads\Addition.txt

2014-03-12 06:01 - 2014-03-17 11:12 - 00026813 _____ () C:\Users\John\Downloads\FRST.txt

2014-03-12 06:00 - 2014-03-31 16:35 - 00000000 ____D () C:\FRST

2014-03-12 06:00 - 2014-03-12 06:00 - 00001392 _____ () C:\Users\John\Desktop\FRST64 - Shortcut.lnk

2014-03-12 05:59 - 2014-03-12 05:59 - 02157056 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe

2014-03-12 05:57 - 2014-03-12 05:57 - 01145856 _____ (Farbar) C:\Users\John\Downloads\FRST.exe

2014-03-11 21:49 - 2014-03-11 21:49 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes

2014-03-11 21:48 - 2014-03-11 21:48 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-03-11 21:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-11 21:42 - 2014-03-11 21:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-1.75.0.1300.exe

2014-03-10 21:10 - 2014-03-10 21:12 - 01949184 _____ () C:\Users\John\Downloads\AdwCleaner (1).exe

2014-03-10 20:45 - 2014-03-10 20:45 - 00000803 _____ () C:\Users\John\Desktop\JRT.txt

2014-03-10 20:37 - 2014-03-29 08:15 - 00000003 _____ () C:\ProgramData\2psvc31.nls

2014-03-10 20:33 - 2014-03-10 20:33 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (1).exe

2014-03-10 19:50 - 2014-03-10 19:50 - 00000000 ____D () C:\_OTL

2014-03-10 19:47 - 2014-03-10 19:47 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL (1).exe

2014-03-09 15:54 - 2014-03-10 22:29 - 00079660 _____ () C:\Users\John\Downloads\OTL.Txt

2014-03-09 15:54 - 2014-03-09 15:54 - 00054676 _____ () C:\Users\John\Downloads\Extras.Txt

2014-03-09 15:44 - 2014-03-09 15:44 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL.exe

2014-03-09 15:26 - 2014-03-09 22:21 - 00000003 _____ () C:\d31.nls

2014-03-09 14:59 - 2014-03-20 06:07 - 00000000 ____D () C:\Windows\erdnt

2014-03-09 14:59 - 2014-03-09 14:59 - 00000000 ___SD () C:\32788R22FWJFW

2014-03-09 14:53 - 2014-03-09 14:53 - 05187267 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe

2014-03-09 14:00 - 2014-03-09 14:00 - 00000000 ____D () C:\Windows\ERUNT

2014-03-09 13:53 - 2014-03-09 13:53 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe

2014-03-09 13:38 - 2014-03-10 22:13 - 00000000 ____D () C:\AdwCleaner

2014-03-09 13:37 - 2014-03-09 13:38 - 01244192 _____ () C:\Users\John\Downloads\AdwCleaner.exe

2014-03-09 13:27 - 2014-03-09 13:43 - 00000003 _____ () C:\ProgramData\ Office Diagnostics Service31.nls

2014-03-09 13:24 - 2014-03-09 13:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\John\Downloads\revosetup.exe

2014-03-09 13:24 - 2014-03-09 13:24 - 00001264 _____ () C:\Users\John\Desktop\Revo Uninstaller.lnk

2014-03-09 13:24 - 2014-03-09 13:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-03-09 13:17 - 2014-03-11 22:35 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1

 

==================== One Month Modified Files and Folders =======

 

2014-03-31 16:35 - 2014-03-28 06:19 - 00009669 _____ () C:\Users\John\Desktop\FRST.txt

2014-03-31 16:35 - 2014-03-12 06:00 - 00000000 ____D () C:\FRST

2014-03-31 16:33 - 2012-05-11 02:08 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-31 16:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-31 16:31 - 2009-07-13 23:51 - 00209490 _____ () C:\Windows\setupact.log

2014-03-31 16:30 - 2014-03-31 16:29 - 00000000 ____D () C:\Users\Public\Desktop\CC Support

2014-03-31 16:30 - 2012-05-12 17:00 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA.job

2014-03-31 16:30 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-31 16:30 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-31 16:28 - 2014-03-31 16:28 - 04009167 _____ () C:\Users\John\Desktop\ServicesRepair.exe

2014-03-31 16:27 - 2012-05-11 18:19 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps

2014-03-29 08:15 - 2014-03-10 20:37 - 00000003 _____ () C:\ProgramData\2psvc31.nls

2014-03-29 08:14 - 2009-07-13 18:39 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe

2014-03-29 08:11 - 2009-07-14 00:13 - 00726142 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-28 06:21 - 2014-03-28 06:19 - 00000906 _____ () C:\Users\John\Desktop\Search.txt

2014-03-28 06:17 - 2014-03-28 06:17 - 02157056 _____ (Farbar) C:\Users\John\Desktop\FRST64 (1).exe

2014-03-27 16:36 - 2012-05-11 02:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-27 16:01 - 2012-05-11 02:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-27 14:30 - 2012-05-12 17:00 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core.job

2014-03-27 14:25 - 2012-05-12 17:00 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA

2014-03-27 14:25 - 2012-05-12 17:00 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core

2014-03-27 13:56 - 2009-07-13 20:05 - 04093952 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe

2014-03-27 06:10 - 2014-03-27 06:10 - 00005139 _____ () C:\Users\John\Desktop\FSS.txt

2014-03-27 06:09 - 2014-03-27 06:09 - 00409600 _____ (Farbar) C:\Users\John\Desktop\FSS.exe

2014-03-24 06:07 - 2010-01-09 10:25 - 01659771 _____ () C:\Windows\WindowsUpdate.log

2014-03-21 17:45 - 2013-05-13 23:56 - 00000000 ____D () C:\Program Files (x86)\ConverterLite

2014-03-21 15:00 - 2012-05-12 01:19 - 00000000 ____D () C:\Program Files (x86)\Bonjour

2014-03-21 14:26 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar

2014-03-20 06:15 - 2014-03-20 06:15 - 00384084 _____ () C:\Users\John\Desktop\AIDA64 Report.txt

2014-03-20 06:14 - 2014-03-20 06:14 - 00000000 ____D () C:\Users\John\Documents\AIDA64 Reports

2014-03-20 06:13 - 2014-03-20 06:13 - 00001175 _____ () C:\Users\John\Desktop\AIDA64 Extreme.lnk

2014-03-20 06:13 - 2014-03-20 06:13 - 00000000 ____D () C:\Program Files (x86)\FinalWire

2014-03-20 06:11 - 2014-03-20 06:10 - 15834968 _____ (FinalWire Ltd. ) C:\Users\John\Downloads\aida64extreme420.exe

2014-03-20 06:09 - 2014-03-20 06:09 - 00000000 ____D () C:\Users\John\Desktop\Regfix (1)

2014-03-20 06:08 - 2014-03-20 06:08 - 00000323 _____ () C:\Users\John\Downloads\Regfix.zip

2014-03-20 06:08 - 2014-03-20 06:08 - 00000323 _____ () C:\Users\John\Desktop\Regfix (1).zip

2014-03-20 06:07 - 2014-03-09 14:59 - 00000000 ____D () C:\Windows\erdnt

2014-03-20 06:05 - 2014-03-20 06:05 - 00000924 _____ () C:\Users\John\Desktop\NTREGOPT.lnk

2014-03-20 06:05 - 2014-03-20 06:05 - 00000905 _____ () C:\Users\John\Desktop\ERUNT.lnk

2014-03-20 06:05 - 2014-03-20 06:05 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-03-20 06:03 - 2014-03-20 06:03 - 00791393 _____ (Lars Hederer ) C:\Users\John\Downloads\erunt-setup.exe

2014-03-19 05:53 - 2014-03-19 05:53 - 00000142 _____ () C:\Users\John\Desktop\MUI.txt

2014-03-19 05:46 - 2014-03-19 05:44 - 00001602 _____ () C:\Users\John\Desktop\SystemLook.txt

2014-03-19 05:45 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer

2014-03-19 05:42 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender

2014-03-19 05:40 - 2014-03-19 05:40 - 00165376 _____ () C:\Users\John\Desktop\SystemLook_x64.exe

2014-03-17 11:12 - 2014-03-12 06:01 - 00034009 _____ () C:\Users\John\Downloads\Addition.txt

2014-03-17 11:12 - 2014-03-12 06:01 - 00026813 _____ () C:\Users\John\Downloads\FRST.txt

2014-03-17 11:09 - 2014-03-17 11:07 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe

2014-03-15 16:42 - 2014-03-15 16:41 - 00001599 _____ () C:\Users\John\Downloads\Search.txt

2014-03-15 16:37 - 2013-09-29 15:43 - 00000008 __RSH () C:\Users\John\ntuser.pol

2014-03-15 16:37 - 2012-05-10 19:30 - 00000000 ____D () C:\Users\John

2014-03-15 16:28 - 2014-01-30 19:43 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-03-15 16:26 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-03-15 08:02 - 2012-05-12 17:01 - 00002321 _____ () C:\Users\John\Desktop\Google Chrome.lnk

2014-03-12 06:02 - 2014-03-12 06:02 - 00068684 _____ () C:\Users\John\Downloads\Shortcut.txt

2014-03-12 06:00 - 2014-03-12 06:00 - 00001392 _____ () C:\Users\John\Desktop\FRST64 - Shortcut.lnk

2014-03-12 05:59 - 2014-03-12 05:59 - 02157056 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe

2014-03-12 05:57 - 2014-03-12 05:57 - 01145856 _____ (Farbar) C:\Users\John\Downloads\FRST.exe

2014-03-11 22:38 - 2012-05-10 19:27 - 00415008 _____ () C:\Windows\PFRO.log

2014-03-11 22:35 - 2014-03-09 13:17 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1

2014-03-11 22:35 - 2012-07-31 12:41 - 00000000 ____D () C:\ProgramData\781287A80008C96702A76687E56C34C7

2014-03-11 22:35 - 2012-07-31 00:04 - 00000000 ____D () C:\ProgramData\781287A80008C96702A766874F147CE7

2014-03-11 22:35 - 2012-05-10 23:03 - 00000000 ____D () C:\Users\John\AppData\Roaming\Adobe

2014-03-11 22:35 - 2012-05-10 19:36 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-03-11 21:49 - 2014-03-11 21:49 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes

2014-03-11 21:48 - 2014-03-11 21:48 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-03-11 21:46 - 2014-03-11 21:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-1.75.0.1300.exe

2014-03-10 22:29 - 2014-03-09 15:54 - 00079660 _____ () C:\Users\John\Downloads\OTL.Txt

2014-03-10 22:13 - 2014-03-09 13:38 - 00000000 ____D () C:\AdwCleaner

2014-03-10 21:12 - 2014-03-10 21:10 - 01949184 _____ () C:\Users\John\Downloads\AdwCleaner (1).exe

2014-03-10 20:45 - 2014-03-10 20:45 - 00000803 _____ () C:\Users\John\Desktop\JRT.txt

2014-03-10 20:33 - 2014-03-10 20:33 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (1).exe

2014-03-10 20:22 - 2014-01-22 21:18 - 00000003 _____ () C:\ProgramData\31.nls

2014-03-10 19:50 - 2014-03-10 19:50 - 00000000 ____D () C:\_OTL

2014-03-10 19:47 - 2014-03-10 19:47 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL (1).exe

2014-03-09 22:21 - 2014-03-09 15:26 - 00000003 _____ () C:\d31.nls

2014-03-09 21:51 - 2012-06-07 20:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-09 15:54 - 2014-03-09 15:54 - 00054676 _____ () C:\Users\John\Downloads\Extras.Txt

2014-03-09 15:44 - 2014-03-09 15:44 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL.exe

2014-03-09 15:17 - 2009-11-01 00:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-03-09 14:59 - 2014-03-09 14:59 - 00000000 ___SD () C:\32788R22FWJFW

2014-03-09 14:53 - 2014-03-09 14:53 - 05187267 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe

2014-03-09 14:00 - 2014-03-09 14:00 - 00000000 ____D () C:\Windows\ERUNT

2014-03-09 13:53 - 2014-03-09 13:53 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe

2014-03-09 13:46 - 2012-05-11 05:37 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe

2014-03-09 13:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration

2014-03-09 13:43 - 2014-03-09 13:27 - 00000003 _____ () C:\ProgramData\ Office Diagnostics Service31.nls

2014-03-09 13:43 - 2012-08-18 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-09 13:38 - 2014-03-09 13:37 - 01244192 _____ () C:\Users\John\Downloads\AdwCleaner.exe

2014-03-09 13:31 - 2012-05-11 02:08 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-09 13:31 - 2012-05-11 02:08 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-09 13:24 - 2014-03-09 13:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\John\Downloads\revosetup.exe

2014-03-09 13:24 - 2014-03-09 13:24 - 00001264 _____ () C:\Users\John\Desktop\Revo Uninstaller.lnk

2014-03-09 13:24 - 2014-03-09 13:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-03-09 13:23 - 2013-10-01 20:59 - 00000000 ____D () C:\Users\John\AppData\Local\avgchrome

2014-03-09 13:18 - 2014-01-30 19:43 - 00000162 _____ () C:\extensions.ini

2014-03-09 13:17 - 2012-05-11 05:37 - 00995328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe

2014-03-09 13:15 - 2009-07-13 18:19 - 00589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe

[2009-07-13 18:19] - [2014-03-09 13:15] - 0589312 ____A (Microsoft Corporation) 8DDE1A539CBC01AB2D80D1CE61C05A98

 

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-03-20 20:07

 

==================== End Of Log ============================