Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 05
Ran by coldharbor1950 (administrator) on ICELAND on 11-01-2014 14:47:52
Running from C:\Users\coldharbor1950\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-01-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-01-01] (Siber Systems)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=402027&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {4F1149B4-DD36-468D-A3A7-B9D541595DEF} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-11-25]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-12-07]

Chrome:
=======
CHR HomePage: https://www.google.com/calendar/render?tab=Xc
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\pdf.dll ()
CHR Plugin: (Coupons Inc., Coupon Printer) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Bejeweled) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0 [2014-01-04]
CHR Extension: (Google Docs) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-12-30]
CHR Extension: (Google Drive) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-12-30]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_0 [2013-12-30]
CHR Extension: (Pinterest) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0 [2013-12-30]
CHR Extension: (Social Fixer for Facebook) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_0 [2013-12-30]
CHR Extension: ( "name": "Office Apps") - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\2.1_0 [2013-12-30]
CHR Extension: (Google Mail Checker) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0 [2013-12-30]
CHR Extension: (Crosswords) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_0 [2014-01-04]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 [2013-12-30]
CHR Extension: (Google Wallet) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2014-01-08]
CHR HKCU\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\coldharbor1950\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx [2013-12-11]
CHR HKCU\...\Chrome\Extension: [eijoglodfkeicibboibphapnoahoaapi] - C:\Users\coldharbor1950\AppData\Local\CRE\eijoglodfkeicibboibphapnoahoaapi.crx [2012-05-22]
CHR HKLM-x32\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\coldharbor1950\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [eijoglodfkeicibboibphapnoahoaapi] - C:\Users\coldharbor1950\AppData\Local\CRE\eijoglodfkeicibboibphapnoahoaapi.crx [2012-05-22]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-12-07]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2013-11-19]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2014-01-04] (Realtek Semiconductor)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-15] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-17] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-11 14:42 - 2014-01-11 14:48 - 00019303 _____ C:\Users\coldharbor1950\Desktop\FRST.txt
2014-01-11 14:12 - 2014-01-11 14:12 - 00061440 _____ ( ) C:\Users\coldharbor1950\Downloads\VEW.exe
2014-01-11 14:07 - 2014-01-11 14:47 - 00000000 ____D C:\Users\coldharbor1950\Desktop\Comp Fix 2
2014-01-11 14:04 - 2014-01-11 14:06 - 00000000 ____D C:\Users\coldharbor1950\Desktop\Comp Fix 1
2014-01-10 18:39 - 2014-01-10 18:40 - 00000000 ____D C:\Users\coldharbor1950\Downloads\refamilydollar101certification
2014-01-10 18:38 - 2014-01-10 18:38 - 00028320 _____ C:\Users\coldharbor1950\Downloads\refamilydollar101certification.zip
2014-01-10 14:36 - 2014-01-10 19:43 - 00021466 _____ C:\Users\coldharbor1950\Documents\Temp agreement.odt
2014-01-10 08:40 - 2014-01-11 14:31 - 00000168 _____ C:\Windows\setupact.log
2014-01-10 08:40 - 2014-01-10 08:40 - 00333712 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-10 08:40 - 2014-01-10 08:40 - 00000000 _____ C:\Windows\setuperr.log
2014-01-08 17:59 - 2014-01-08 17:59 - 00001358 _____ C:\Users\coldharbor1950\Desktop\Amanda The Day After.txt
2014-01-08 09:01 - 2014-01-08 09:01 - 01118208 _____ C:\Users\coldharbor1950\Documents\Win Mgr 1.evtx
2014-01-08 08:39 - 2014-01-11 14:22 - 00000000 ____D C:\Users\coldharbor1950\Desktop\FRST-OlderVersion
2014-01-07 15:58 - 2014-01-07 15:58 - 00001172 _____ C:\Users\coldharbor1950\Documents\cc_20140107_155805.reg
2014-01-07 13:06 - 2014-01-07 13:06 - 00013427 _____ C:\Users\coldharbor1950\Desktop\procexp - Shortcut.lnk
2014-01-07 12:49 - 2014-01-11 14:22 - 00000000 ____D C:\FRST
2014-01-07 09:28 - 2014-01-07 09:28 - 01233962 _____ C:\Users\coldharbor1950\Downloads\AdwCleaner (2).exe
2014-01-07 09:27 - 2014-01-07 09:27 - 01233962 _____ C:\Users\coldharbor1950\Downloads\AdwCleaner (1).exe
2014-01-07 09:15 - 2014-01-07 09:15 - 00003564 _____ C:\Users\coldharbor1950\Documents\cc_20140107_091510.reg
2014-01-07 09:13 - 2014-01-07 09:13 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2014-01-07 09:11 - 2014-01-07 09:12 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\coldharbor1950\Downloads\procexp.exe
2014-01-07 09:11 - 2014-01-07 09:11 - 04779896 _____ (Piriform Ltd) C:\Users\coldharbor1950\Downloads\spsetup124.exe
2014-01-07 09:09 - 2014-01-11 14:22 - 02076672 _____ (Farbar) C:\Users\coldharbor1950\Desktop\FRST64.exe
2014-01-06 21:37 - 2014-01-06 21:37 - 00142166 _____ C:\Users\coldharbor1950\Downloads\OTL Results.txt
2014-01-06 19:26 - 2014-01-06 19:26 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Desktop\OTL.exe
2014-01-06 19:11 - 2014-01-06 19:11 - 00003015 _____ C:\Users\coldharbor1950\Desktop\HiJackThis.lnk
2014-01-06 19:07 - 2014-01-06 19:08 - 00010826 _____ C:\Users\coldharbor1950\Documents\FB Bill Discussion 01032014.txt
2014-01-06 18:51 - 2014-01-06 18:51 - 00003180 _____ C:\Windows\System32\Tasks\{1ABA2EDC-91BB-48DD-8325-98A7B597B952}
2014-01-06 18:48 - 2014-01-06 18:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\coldharbor1950\Downloads\HijackThis.exe
2014-01-06 17:22 - 2014-01-06 17:45 - 00018956 _____ C:\Windows\system32\avgrep.txt
2014-01-06 16:12 - 2014-01-06 16:12 - 00011231 _____ C:\Users\coldharbor1950\Documents\hijackthis 010614 Safe
2014-01-06 11:29 - 2014-01-06 11:30 - 00000384 _____ C:\Users\coldharbor1950\Documents\cc_20140106_112925.reg
2014-01-05 18:58 - 2014-01-05 18:58 - 00000000 ____D C:\ProgramData\ATI
2014-01-05 18:57 - 2014-01-11 14:31 - 00000000 ____D C:\ProgramData\PDFC
2014-01-05 18:56 - 2014-01-05 18:56 - 00000000 _____ C:\asc_rdflag
2014-01-05 16:03 - 2014-01-05 16:03 - 00000566 _____ C:\Users\coldharbor1950\Documents\cc_20140105_160310.reg
2014-01-05 08:32 - 2014-01-05 08:32 - 00000890 _____ C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk
2014-01-05 08:32 - 2014-01-05 08:32 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2014-01-05 08:32 - 2011-12-12 17:42 - 01256192 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh664.sys
2014-01-05 08:32 - 2011-07-22 10:33 - 00025056 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2014-01-05 08:32 - 2010-02-03 11:21 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2014-01-05 08:32 - 2010-02-03 11:21 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\Packet.dll
2014-01-05 08:32 - 2010-02-03 11:21 - 00053299 _____ C:\Windows\SysWOW64\pthreadVC.dll
2014-01-05 08:32 - 2010-02-03 11:21 - 00047632 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2014-01-05 08:23 - 2014-01-05 08:25 - 00000000 ____D C:\Users\coldharbor1950\Downloads\WNA3100GENIE_Setup_V2.0.0.0_20111226
2014-01-05 08:23 - 2011-12-26 18:58 - 38094267 _____ (Acresso Software Inc. ) C:\Users\coldharbor1950\Desktop\Setup.exe
2014-01-05 08:21 - 2014-01-05 08:23 - 36522836 _____ C:\Users\coldharbor1950\Downloads\WNA3100GENIE_Setup_V2.0.0.0_20111226 (1).zip
2014-01-04 22:35 - 2014-01-04 22:36 - 36522836 _____ C:\Users\coldharbor1950\Downloads\WNA3100GENIE_Setup_V2.0.0.0_20111226.zip
2014-01-04 20:14 - 2014-01-04 20:14 - 00000000 ____D C:\Windows\system32\SRSLabs
2014-01-04 20:13 - 2014-01-04 20:13 - 41974272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-01-04 20:13 - 2014-01-04 20:13 - 03760344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-01-04 20:13 - 2014-01-04 20:13 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-01-04 20:13 - 2014-01-04 20:13 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-01-04 20:13 - 2014-01-04 20:13 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-01-04 20:13 - 2014-01-04 20:13 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-01-04 20:13 - 2014-01-04 20:13 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-01-04 20:13 - 2014-01-04 20:13 - 00693329 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-01-04 20:13 - 2014-01-04 20:13 - 00618200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-01-04 20:13 - 2014-01-04 20:13 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-01-04 20:13 - 2014-01-04 20:13 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-01-04 20:13 - 2014-01-04 20:13 - 00154840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-01-04 20:12 - 2014-01-04 20:12 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-01-04 20:12 - 2014-01-04 20:12 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-01-04 20:12 - 2014-01-04 20:12 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-01-04 20:12 - 2014-01-04 20:12 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 29382144 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 26352128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 24860160 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 22157824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 13207552 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-01-04 20:02 - 2014-01-04 20:02 - 08927704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 08406024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 08287008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 07751920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 06630232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 03461040 _____ C:\Windows\SysWOW64\atiumdva.cap
2014-01-04 20:02 - 2014-01-04 20:02 - 03426688 _____ C:\Windows\system32\atiumd6a.cap
2014-01-04 20:02 - 2014-01-04 20:02 - 01100216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00825344 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00721296 _____ C:\Windows\system32\atiicdxx.dat
2014-01-04 20:02 - 2014-01-04 20:02 - 00626176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-01-04 20:02 - 2014-01-04 20:02 - 00550456 _____ C:\Windows\SysWOW64\atiapfxx.blb
2014-01-04 20:02 - 2014-01-04 20:02 - 00550456 _____ C:\Windows\system32\atiapfxx.blb
2014-01-04 20:02 - 2014-01-04 20:02 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-01-04 20:02 - 2014-01-04 20:02 - 00234036 _____ C:\Windows\system32\ativvaxy_cik.dat
2014-01-04 20:02 - 2014-01-04 20:02 - 00233776 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2014-01-04 20:02 - 2014-01-04 20:02 - 00230912 _____ C:\Windows\system32\clinfo.exe
2014-01-04 20:02 - 2014-01-04 20:02 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00129536 _____ (AMD) C:\Windows\system32\coinst_13.251.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00115512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00099840 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00083552 _____ C:\Windows\system32\ativce02.dat
2014-01-04 20:02 - 2014-01-04 20:02 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00074752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00063488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00057344 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00047887 _____ C:\Windows\atiogl.xml
2014-01-04 20:02 - 2014-01-04 20:02 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-01-04 20:02 - 2014-01-04 20:02 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-01-03 19:44 - 2014-01-03 19:44 - 00659968 _____ C:\Users\coldharbor1950\Downloads\MicrosoftFixit50195.msi
2014-01-03 19:38 - 2014-01-03 19:39 - 02077392 _____ (Microsoft Corporation) C:\Users\coldharbor1950\Downloads\IE11-Windows6.1.exe
2014-01-03 19:08 - 2014-01-03 19:08 - 00000474 _____ C:\Users\coldharbor1950\Documents\cc_20140103_190814.reg
2014-01-03 17:28 - 2014-01-03 17:28 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2014-01-03 17:28 - 2014-01-03 17:28 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2014-01-03 17:28 - 2014-01-03 17:28 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2014-01-03 17:28 - 2014-01-03 17:28 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2014-01-03 17:28 - 2014-01-03 17:28 - 00129536 _____ (AMD) C:\Windows\system32\coinst_13.20.dll
2014-01-03 12:34 - 2014-01-03 12:34 - 00000448 _____ C:\Users\coldharbor1950\Documents\cc_20140103_123406.reg
2014-01-02 15:07 - 2014-01-02 15:07 - 00010945 _____ C:\Users\coldharbor1950\Documents\hijackthis 010214 3
2014-01-02 14:55 - 2014-01-02 14:55 - 00007590 _____ C:\Users\coldharbor1950\Documents\cc_20140102_145552.reg
2014-01-02 14:53 - 2014-01-06 19:11 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-01-02 14:48 - 2014-01-02 14:48 - 01402880 _____ C:\Users\coldharbor1950\Downloads\HijackThis_v2.0.5-Beta (1).msi
2014-01-02 14:44 - 2014-01-02 14:44 - 01402880 _____ C:\Users\coldharbor1950\Downloads\HijackThis_v2.0.5-Beta.msi
2014-01-02 14:31 - 2014-01-02 14:31 - 01402880 _____ C:\Users\coldharbor1950\Downloads\HiJackThis.msi
2014-01-02 13:26 - 2014-01-02 13:26 - 00011832 _____ C:\Users\coldharbor1950\Documents\hijackthis 010214.txt
2014-01-02 12:24 - 2014-01-02 12:24 - 00000320 _____ C:\Users\coldharbor1950\Documents\cc_20140102_122430.reg
2014-01-01 18:58 - 2014-01-01 18:58 - 00002646 _____ C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blog _ RoboForm Blog Home.lnk
2014-01-01 18:32 - 2014-01-01 18:32 - 00000000 ____D C:\Program Files (x86)\Siber Systems
2014-01-01 14:13 - 2014-01-06 18:33 - 00000000 ____D C:\Windows\erdnt
2014-01-01 12:25 - 2014-01-01 12:25 - 00003180 _____ C:\Windows\System32\Tasks\{F876F0D1-9074-4454-9507-B66E6F1F41E7}
2014-01-01 12:24 - 2014-01-01 12:24 - 00003158 _____ C:\Windows\System32\Tasks\{EE712E68-F096-4268-BEA8-CD4258B2BEB8}
2013-12-31 18:54 - 2013-12-31 18:54 - 00012248 _____ C:\Users\coldharbor1950\Documents\HiJackThis Scan 3 reg.txt
2013-12-31 13:06 - 2014-01-11 14:32 - 00003356 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-387024861-1857405023-142887614-1000
2013-12-31 13:00 - 2013-12-31 13:00 - 00650240 _____ C:\Users\coldharbor1950\Downloads\MicrosoftFixit50199.msi
2013-12-31 12:57 - 2013-12-31 12:58 - 00186880 _____ (CEXX.ORG) C:\Users\coldharbor1950\Downloads\LSPFix.exe
2013-12-31 12:42 - 2013-12-31 12:42 - 00012141 _____ C:\Users\coldharbor1950\Documents\hijackthis 123113 Safe Clean 1
2013-12-31 12:10 - 2013-12-31 12:10 - 00012248 _____ C:\Users\coldharbor1950\Documents\hijackthis 123113 Safe.txt
2013-12-31 11:42 - 2014-01-06 19:11 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-31 11:42 - 2013-12-31 11:42 - 00812344 _____ (Trend Micro Inc.) C:\Users\coldharbor1950\Downloads\HJTInstall.exe
2013-12-31 11:40 - 2013-12-31 11:40 - 00013948 _____ C:\Users\coldharbor1950\Documents\hijackthis 123113 1
2013-12-31 11:35 - 2014-01-02 14:40 - 00000000 ____D C:\Users\coldharbor1950\Downloads\hijackthis_sfx
2013-12-31 08:26 - 2013-12-31 08:26 - 00000000 ____D C:\Program Files\7-Zip
2013-12-31 08:24 - 2013-12-31 08:24 - 01376768 _____ C:\Users\coldharbor1950\Downloads\7z920-x64.msi
2013-12-31 08:20 - 2013-12-31 08:20 - 00011340 _____ C:\Users\coldharbor1950\Documents\cc_20131231_082033.reg
2013-12-31 07:49 - 2013-12-31 07:49 - 00251392 _____ C:\Users\coldharbor1950\Downloads\hijackthis_sfx (1).exe
2013-12-30 19:52 - 2013-12-30 19:53 - 14221336 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup.exe
2013-12-30 18:12 - 2013-12-30 18:12 - 00001208 _____ C:\Users\coldharbor1950\Desktop\adwcleaner - Shortcut.lnk
2013-12-30 18:11 - 2013-12-30 18:11 - 01233962 _____ C:\Users\coldharbor1950\Downloads\adwcleaner.exe
2013-12-30 10:18 - 2013-12-30 10:18 - 00251392 _____ C:\Users\coldharbor1950\Downloads\hijackthis_sfx.exe
2013-12-30 08:44 - 2013-12-30 08:44 - 00000000 ____D C:\Windows\CD95F661A5C444F5A6AAECDD91C240DB.TMP
2013-12-29 23:35 - 2013-12-29 23:35 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\AVG2014
2013-12-29 23:34 - 2013-12-29 23:34 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-12-29 23:33 - 2013-12-29 23:33 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\TuneUp Software
2013-12-29 23:31 - 2014-01-05 18:43 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-29 23:31 - 2014-01-05 18:43 - 00000000 ____D C:\$AVG
2013-12-29 23:26 - 2013-12-29 23:27 - 04436952 _____ (AVG Technologies) C:\Users\coldharbor1950\Downloads\avg_isct_stb_all_2014_4259.exe
2013-12-29 19:58 - 2013-12-29 19:58 - 04645232 _____ (Piriform Ltd) C:\Users\coldharbor1950\Downloads\ccsetup409.exe
2013-12-29 10:48 - 2013-12-29 10:48 - 06618910 _____
C:\Users\coldharbor1950\Downloads\Windows_Tweaks_Guide.zip 2013-12-29 10:48 - 2013-12-29 10:48 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\WinZip 2013-12-29 10:40 - 2013-07-04 15:59 - 00032600 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe 2013-12-29 10:39 - 2013-07-04 15:59 - 00017720 _____ C:\Windows\system32\Drivers\SmartDefragDriver.sys 2013-12-29 10:38 - 2013-12-29 10:38 - 05026656 _____ (IObit ) C:\Users\coldharbor1950\Downloads\defragsetup-pro.exe 2013-12-29 10:31 - 2013-12-29 10:33 - 13086648 _____ (IObit ) C:\Users\coldharbor1950\Downloads\driver_booster_setup.exe 2013-12-28 10:54 - 2014-01-05 18:56 - 82198528 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak 2013-12-28 10:54 - 2014-01-05 18:56 - 04956160 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak 2013-12-28 10:54 - 2014-01-05 18:56 - 00061440 _____ C:\Windows\system32\config\SAM.iodefrag.bak 2013-12-28 10:54 - 2014-01-05 18:56 - 00028672 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak 2013-12-21 16:50 - 2013-12-21 16:50 - 00000870 _____ C:\Users\coldharbor1950\Documents\cc_20131221_165036.reg 2013-12-19 18:21 - 2013-12-19 18:21 - 00003516 _____ C:\Users\coldharbor1950\Documents\cc_20131219_182144.reg 2013-12-19 12:57 - 2013-12-19 18:20 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-19 12:57 - 2013-12-19 12:57 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk 2013-12-19 12:05 - 2013-12-19 12:05 - 00023546 _____ C:\Users\coldharbor1950\Documents\Go Fund Me.odt 2013-12-18 09:37 - 2013-12-18 09:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\coldharbor1950\Downloads\mbam-consumer.exe 2013-12-18 09:30 - 2013-12-18 09:30 - 00006186 _____ C:\Users\coldharbor1950\Documents\cc_20131218_093018.reg 2013-12-17 21:26 - 2013-12-18 09:41 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-12-17 21:26 - 2013-12-18 09:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-17 21:26 - 2013-04-04 14:50 - 00025928 
_____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-17 16:09 - 2014-01-07 09:40 - 00000000 ____D C:\AdwCleaner 2013-12-17 07:31 - 2013-12-17 07:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\coldharbor1950\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-16 21:44 - 2013-12-16 21:47 - 93473560 _____ (Microsoft Corporation) C:\Users\coldharbor1950\Downloads\msert.exe 2013-12-16 18:13 - 2013-12-16 18:12 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-16 18:13 - 2013-12-16 18:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-16 18:13 - 2013-12-16 18:12 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-16 18:13 - 2013-12-16 18:12 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-16 18:12 - 2013-12-16 18:12 - 00000000 ____D C:\Program Files (x86)\Java 2013-12-16 18:10 - 2013-12-16 18:10 - 00915368 _____ (Oracle Corporation) C:\Users\coldharbor1950\Downloads\chromeinstall-7u45.exe 2013-12-16 17:38 - 2013-12-16 17:38 - 00012076 _____ C:\Users\coldharbor1950\Documents\cc_20131216_173610.reg 2013-12-16 17:36 - 2013-12-16 17:36 - 00000082 _____ C:\Users\coldharbor1950\Documents\cc_20131216_173558.reg 2013-12-16 08:46 - 2013-12-16 08:48 - 25647320 _____ (Microsoft Corporation) C:\Users\coldharbor1950\Downloads\Windows-KB890830-x64-V5.7.exe 2013-12-15 16:55 - 2013-12-15 16:55 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2013-12-15 16:47 - 2014-01-04 20:04 - 00000000 ____D C:\Program Files\AMD 2013-12-15 16:47 - 2013-12-15 16:47 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2013-12-15 16:47 - 2013-12-15 16:47 - 00000000 ____D C:\Program Files (x86)\AMD 2013-12-15 16:46 - 2013-12-15 16:46 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201312151646310228.log 2013-12-15 16:43 - 2013-12-15 16:47 - 00000000 ____D C:\ProgramData\AMD 2013-12-15 15:25 - 2013-12-17 19:11 - 00016152 _____ 
C:\Windows\system32\Drivers\SWDUMon.sys 2013-12-15 15:25 - 2013-12-15 15:25 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\SlimWare Utilities Inc 2013-12-15 15:24 - 2013-12-17 22:43 - 00000000 ____D C:\Program Files (x86)\DriverUpdate 2013-12-15 15:24 - 2013-12-15 15:24 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2013-12-14 21:51 - 2013-12-14 21:51 - 00000000 ____D C:\Program Files (x86)\AVG 2013-12-14 21:46 - 2014-01-11 12:52 - 00000000 ____D C:\ProgramData\MFAData 2013-12-14 21:46 - 2013-12-29 23:51 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Avg2014 2013-12-14 21:46 - 2013-12-14 21:46 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\MFAData 2013-12-14 20:13 - 2013-12-14 20:13 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Macromedia 2013-12-14 20:10 - 2014-01-05 18:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-14 20:10 - 2013-12-14 20:11 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Mozilla 2013-12-14 20:10 - 2013-12-14 20:10 - 00000000 ____D C:\ProgramData\Mozilla 2013-12-14 19:09 - 2013-12-14 19:09 - 00000000 ___HD C:\Users\coldharbor1950\Documents\Add-in Express 2013-12-14 16:03 - 2013-12-14 16:03 - 00000000 ___HD C:\Users\coldharbor1950\AppData\Roaming\Malwarebytes 2013-12-14 16:02 - 2013-12-14 16:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-14 12:44 - 2013-12-14 12:44 - 00000000 ___HD C:\Users\coldharbor1950\Downloads\Xanga Archives 2013-12-14 12:34 - 2013-12-15 08:58 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-12-14 12:30 - 2013-12-14 12:30 - 06210282 ____H C:\Users\coldharbor1950\Downloads\55381_1.zip 2013-12-13 21:46 - 2013-12-15 16:38 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-13 21:44 - 2013-12-15 16:45 - 00000000 ____D C:\Program Files\ATI Technologies 2013-12-13 21:42 - 2014-01-03 17:30 - 00000000 ____D C:\AMD 2013-12-13 21:31 - 2013-12-13 21:31 - 00791552 _____ (AMD) C:\Users\coldharbor1950\Downloads\amddriverdownloader.exe 2013-12-13 
19:12 - 2013-12-13 19:12 - 00000017 ____H C:\Users\coldharbor1950\Documents\VIN Nick.txt

==================== One Month Modified Files and Folders =======

2014-01-11 14:48 - 2014-01-11 14:42 - 00019303 _____ C:\Users\coldharbor1950\Desktop\FRST.txt
2014-01-11 14:47 - 2014-01-11 14:07 - 00000000 ____D C:\Users\coldharbor1950\Desktop\Comp Fix 2
2014-01-11 14:39 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-11 14:39 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-11 14:37 - 2009-07-13 23:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-11 14:32 - 2013-12-31 13:06 - 00003356 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-387024861-1857405023-142887614-1000
2014-01-11 14:32 - 2013-10-10 05:57 - 00003240 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-387024861-1857405023-142887614-1000
2014-01-11 14:32 - 2012-11-02 21:25 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-11 14:31 - 2014-01-10 08:40 - 00000168 _____ C:\Windows\setupact.log
2014-01-11 14:31 - 2014-01-05 18:57 - 00000000 ____D C:\ProgramData\PDFC
2014-01-11 14:31 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-11 14:22 - 2014-01-08 08:39 - 00000000 ____D C:\Users\coldharbor1950\Desktop\FRST-OlderVersion
2014-01-11 14:22 - 2014-01-07 12:49 - 00000000 ____D C:\FRST
2014-01-11 14:22 - 2014-01-07 09:09 - 02076672 _____ (Farbar) C:\Users\coldharbor1950\Desktop\FRST64.exe
2014-01-11 14:12 - 2014-01-11 14:12 - 00061440 _____ ( ) C:\Users\coldharbor1950\Downloads\VEW.exe
2014-01-11 14:09 - 2012-10-20 17:10 - 00000000 ___HD C:\Users\coldharbor1950\AppData\Local\CrashDumps
2014-01-11 14:06 - 2014-01-11 14:04 - 00000000 ____D C:\Users\coldharbor1950\Desktop\Comp Fix 1
2014-01-11 14:05 - 2012-11-02 21:25 - 00000914 _____
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-11 14:04 - 2012-12-28 22:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-11 12:52 - 2013-12-14 21:46 - 00000000 ____D C:\ProgramData\MFAData 2014-01-11 00:40 - 2012-06-09 13:14 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{97A3A84A-CC66-4D5F-A3C7-2DF30115F961} 2014-01-10 19:43 - 2014-01-10 14:36 - 00021466 _____ C:\Users\coldharbor1950\Documents\Temp agreement.odt 2014-01-10 18:40 - 2014-01-10 18:39 - 00000000 ____D C:\Users\coldharbor1950\Downloads\refamilydollar101certification 2014-01-10 18:38 - 2014-01-10 18:38 - 00028320 _____ C:\Users\coldharbor1950\Downloads\refamilydollar101certification.zip 2014-01-10 08:40 - 2014-01-10 08:40 - 00333712 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-10 08:40 - 2014-01-10 08:40 - 00000000 _____ C:\Windows\setuperr.log 2014-01-08 17:59 - 2014-01-08 17:59 - 00001358 _____ C:\Users\coldharbor1950\Desktop\Amanda The Day After.txt 2014-01-08 09:06 - 2009-07-13 23:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-08 09:01 - 2014-01-08 09:01 - 01118208 _____ C:\Users\coldharbor1950\Documents\Win Mgr 1.evtx 2014-01-07 15:58 - 2014-01-07 15:58 - 00001172 _____ C:\Users\coldharbor1950\Documents\cc_20140107_155805.reg 2014-01-07 13:06 - 2014-01-07 13:06 - 00013427 _____ C:\Users\coldharbor1950\Desktop\procexp - Shortcut.lnk 2014-01-07 10:07 - 2013-05-30 13:32 - 00000000 ____D C:\JRT 2014-01-07 09:40 - 2013-12-17 16:09 - 00000000 ____D C:\AdwCleaner 2014-01-07 09:28 - 2014-01-07 09:28 - 01233962 _____ C:\Users\coldharbor1950\Downloads\AdwCleaner (2).exe 2014-01-07 09:27 - 2014-01-07 09:27 - 01233962 _____ C:\Users\coldharbor1950\Downloads\AdwCleaner (1).exe 2014-01-07 09:15 - 2014-01-07 09:15 - 00003564 _____ C:\Users\coldharbor1950\Documents\cc_20140107_091510.reg 2014-01-07 09:13 - 2014-01-07 09:13 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2014-01-07 09:13 - 2012-11-09 21:48 - 00000000 ____D C:\Program Files 
(x86)\IObit 2014-01-07 09:12 - 2014-01-07 09:11 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\coldharbor1950\Downloads\procexp.exe 2014-01-07 09:11 - 2014-01-07 09:11 - 04779896 _____ (Piriform Ltd) C:\Users\coldharbor1950\Downloads\spsetup124.exe 2014-01-06 21:37 - 2014-01-06 21:37 - 00142166 _____ C:\Users\coldharbor1950\Downloads\OTL Results.txt 2014-01-06 19:26 - 2014-01-06 19:26 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Desktop\OTL.exe 2014-01-06 19:11 - 2014-01-06 19:11 - 00003015 _____ C:\Users\coldharbor1950\Desktop\HiJackThis.lnk 2014-01-06 19:11 - 2014-01-02 14:53 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis 2014-01-06 19:11 - 2013-12-31 11:42 - 00000000 ____D C:\Program Files (x86)\Trend Micro 2014-01-06 19:08 - 2014-01-06 19:07 - 00010826 _____ C:\Users\coldharbor1950\Documents\FB Bill Discussion 01032014.txt 2014-01-06 18:51 - 2014-01-06 18:51 - 00003180 _____ C:\Windows\System32\Tasks\{1ABA2EDC-91BB-48DD-8325-98A7B597B952} 2014-01-06 18:48 - 2014-01-06 18:48 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\coldharbor1950\Downloads\HijackThis.exe 2014-01-06 18:33 - 2014-01-01 14:13 - 00000000 ____D C:\Windows\erdnt 2014-01-06 17:45 - 2014-01-06 17:22 - 00018956 _____ C:\Windows\system32\avgrep.txt 2014-01-06 16:12 - 2014-01-06 16:12 - 00011231 _____ C:\Users\coldharbor1950\Documents\hijackthis 010614 Safe 2014-01-06 11:30 - 2014-01-06 11:29 - 00000384 _____ C:\Users\coldharbor1950\Documents\cc_20140106_112925.reg 2014-01-05 18:58 - 2014-01-05 18:58 - 00000000 ____D C:\ProgramData\ATI 2014-01-05 18:56 - 2014-01-05 18:56 - 00000000 _____ C:\asc_rdflag 2014-01-05 18:56 - 2013-12-28 10:54 - 82198528 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak 2014-01-05 18:56 - 2013-12-28 10:54 - 04956160 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak 2014-01-05 18:56 - 2013-12-28 10:54 - 00061440 _____ C:\Windows\system32\config\SAM.iodefrag.bak 2014-01-05 18:56 - 2013-12-28 10:54 - 00028672 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak 2014-01-05 18:56 - 2012-06-09 13:07 - 00000000 ____D C:\Users\coldharbor1950 2014-01-05 18:43 - 2013-12-29 23:31 - 00000000 ____D C:\ProgramData\AVG2014 2014-01-05 18:43 - 2013-12-29 23:31 - 00000000 ____D C:\$AVG 2014-01-05 18:43 - 2013-12-14 20:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2014-01-05 18:43 - 2013-05-30 12:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-01-05 18:43 - 2012-12-12 11:50 - 00000000 ____D C:\Program Files (x86)\Serif 2014-01-05 18:43 - 2012-01-18 16:42 - 00000000 ____D C:\ProgramData\Norton 2014-01-05 18:43 - 2012-01-18 16:32 - 00000000 ____D C:\Program Files (x86)\Kobo 2014-01-05 18:43 - 2012-01-18 16:21 - 00000000 ____D C:\ProgramData\WildTangent 2014-01-05 18:43 - 2012-01-18 16:05 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2014-01-05 18:43 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2014-01-05 18:43 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2014-01-05 16:03 - 2014-01-05 
16:03 - 00000566 _____ C:\Users\coldharbor1950\Documents\cc_20140105_160310.reg 2014-01-05 08:32 - 2014-01-05 08:32 - 00000890 _____ C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk 2014-01-05 08:32 - 2014-01-05 08:32 - 00000000 ____D C:\Program Files (x86)\NETGEAR 2014-01-05 08:25 - 2014-01-05 08:23 - 00000000 ____D C:\Users\coldharbor1950\Downloads\WNA3100GENIE_Setup_V2.0.0.0_20111226 2014-01-05 08:23 - 2014-01-05 08:21 - 36522836 _____ C:\Users\coldharbor1950\Downloads\WNA3100GENIE_Setup_V2.0.0.0_20111226 (1).zip 2014-01-04 22:36 - 2014-01-04 22:35 - 36522836 _____ C:\Users\coldharbor1950\Downloads\WNA3100GENIE_Setup_V2.0.0.0_20111226.zip 2014-01-04 20:14 - 2014-01-04 20:14 - 00000000 ____D C:\Windows\system32\SRSLabs 2014-01-04 20:14 - 2012-01-18 15:59 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2014-01-04 20:13 - 2014-01-04 20:13 - 41974272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat 2014-01-04 20:13 - 2014-01-04 20:13 - 03760344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys 2014-01-04 20:13 - 2014-01-04 20:13 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll 2014-01-04 20:13 - 2014-01-04 20:13 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll 2014-01-04 20:13 - 2014-01-04 20:13 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl 2014-01-04 20:13 - 2014-01-04 20:13 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll 2014-01-04 20:13 - 2014-01-04 20:13 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll 2014-01-04 20:13 - 2014-01-04 20:13 - 00693329 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT 2014-01-04 20:13 - 2014-01-04 20:13 - 00618200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll 2014-01-04 20:13 - 2014-01-04 20:13 - 00211184 _____ (SRS Labs, Inc.) 
C:\Windows\system32\SRSTSH64.dll 2014-01-04 20:13 - 2014-01-04 20:13 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll 2014-01-04 20:13 - 2014-01-04 20:13 - 00154840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll 2014-01-04 20:12 - 2014-01-04 20:12 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll 2014-01-04 20:12 - 2014-01-04 20:12 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll 2014-01-04 20:12 - 2014-01-04 20:12 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2014-01-04 20:12 - 2014-01-04 20:12 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll 2014-01-04 20:04 - 2013-12-15 16:47 - 00000000 ____D C:\Program Files\AMD 2014-01-04 20:02 - 2014-01-04 20:02 - 29382144 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 26352128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 24860160 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 22157824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 13207552 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys 2014-01-04 20:02 - 2014-01-04 20:02 - 08927704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 08406024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 08287008 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\atiumdva.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 07751920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 06630232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 03461040 _____ C:\Windows\SysWOW64\atiumdva.cap 2014-01-04 20:02 - 2014-01-04 20:02 - 03426688 _____ C:\Windows\system32\atiumd6a.cap 2014-01-04 20:02 - 2014-01-04 20:02 - 01100216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00825344 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00721296 _____ C:\Windows\system32\atiicdxx.dat 2014-01-04 20:02 - 2014-01-04 20:02 - 00626176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys 2014-01-04 20:02 - 2014-01-04 20:02 - 00550456 _____ C:\Windows\SysWOW64\atiapfxx.blb 2014-01-04 20:02 - 2014-01-04 20:02 - 00550456 _____ C:\Windows\system32\atiapfxx.blb 2014-01-04 20:02 - 2014-01-04 20:02 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe 2014-01-04 20:02 - 2014-01-04 20:02 - 00234036 _____ C:\Windows\system32\ativvaxy_cik.dat 2014-01-04 20:02 - 2014-01-04 20:02 - 00233776 _____ C:\Windows\system32\ativvaxy_cik_nd.dat 2014-01-04 20:02 - 2014-01-04 20:02 - 00230912 _____ C:\Windows\system32\clinfo.exe 2014-01-04 20:02 - 2014-01-04 20:02 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00129536 _____ (AMD) C:\Windows\system32\coinst_13.251.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00115512 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\atiu9p64.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00099840 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00083552 _____ C:\Windows\system32\ativce02.dat 2014-01-04 20:02 - 2014-01-04 20:02 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00074752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00063488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00062464 _____ (Advanced Micro Devices Inc.) 
C:\Windows\system32\aticalrt64.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00057344 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00047887 _____ C:\Windows\atiogl.xml 2014-01-04 20:02 - 2014-01-04 20:02 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll 2014-01-04 20:02 - 2014-01-04 20:02 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll 2014-01-04 20:02 - 2013-10-08 06:53 - 00588288 _____ (AMD) C:\Windows\system32\atieclxx.exe 2014-01-04 20:02 - 2013-10-08 06:52 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe 2014-01-04 20:02 - 2013-10-08 06:28 - 01144320 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll 2014-01-04 20:02 - 2012-01-18 15:49 - 09753752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll 2014-01-04 20:02 - 2012-01-18 15:49 - 01318552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll 2014-01-04 20:02 - 2012-01-18 15:49 - 00143304 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\atiuxp64.dll 2014-01-04 10:59 - 2012-11-25 15:11 - 00000274 _____ C:\Windows\Tasks\HP Photo Creations Messager.job 2014-01-04 09:32 - 2013-01-17 20:20 - 00003224 _____ C:\Windows\System32\Tasks\{A392A7FD-2720-4E0D-ADC3-8ABC66C14CFE} 2014-01-04 09:32 - 2012-11-25 15:11 - 00003154 _____ C:\Windows\System32\Tasks\HP Photo Creations Messager 2014-01-04 09:17 - 2012-10-30 02:03 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\Skype 2014-01-03 19:44 - 2014-01-03 19:44 - 00659968 _____ C:\Users\coldharbor1950\Downloads\MicrosoftFixit50195.msi 2014-01-03 19:39 - 2014-01-03 19:38 - 02077392 _____ (Microsoft Corporation) C:\Users\coldharbor1950\Downloads\IE11-Windows6.1.exe 2014-01-03 19:08 - 2014-01-03 19:08 - 00000474 _____ C:\Users\coldharbor1950\Documents\cc_20140103_190814.reg 2014-01-03 17:52 - 2013-10-08 07:28 - 00001142 _____ C:\Users\Public\Desktop\Driver Booster.lnk 2014-01-03 17:30 - 2013-12-13 21:42 - 00000000 ____D C:\AMD 2014-01-03 17:28 - 2014-01-03 17:28 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat 2014-01-03 17:28 - 2014-01-03 17:28 - 00204952 _____ C:\Windows\system32\ativvsvl.dat 2014-01-03 17:28 - 2014-01-03 17:28 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat 2014-01-03 17:28 - 2014-01-03 17:28 - 00157144 _____ C:\Windows\system32\ativvsva.dat 2014-01-03 17:28 - 2014-01-03 17:28 - 00129536 _____ (AMD) C:\Windows\system32\coinst_13.20.dll 2014-01-03 12:34 - 2014-01-03 12:34 - 00000448 _____ C:\Users\coldharbor1950\Documents\cc_20140103_123406.reg 2014-01-02 15:07 - 2014-01-02 15:07 - 00010945 _____ C:\Users\coldharbor1950\Documents\hijackthis 010214 3 2014-01-02 14:55 - 2014-01-02 14:55 - 00007590 _____ C:\Users\coldharbor1950\Documents\cc_20140102_145552.reg 2014-01-02 14:48 - 2014-01-02 14:48 - 01402880 _____ C:\Users\coldharbor1950\Downloads\HijackThis_v2.0.5-Beta (1).msi 2014-01-02 14:44 - 2014-01-02 14:44 - 01402880 _____ C:\Users\coldharbor1950\Downloads\HijackThis_v2.0.5-Beta.msi 2014-01-02 14:40 - 2013-12-31 
11:35 - 00000000 ____D C:\Users\coldharbor1950\Downloads\hijackthis_sfx 2014-01-02 14:31 - 2014-01-02 14:31 - 01402880 _____ C:\Users\coldharbor1950\Downloads\HiJackThis.msi 2014-01-02 14:18 - 2012-10-20 16:31 - 00000000 ____D C:\Users\Public\Phantom EFX 2014-01-02 14:03 - 2012-11-07 09:14 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\SoftGrid Client 2014-01-02 13:59 - 2012-01-18 16:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2014-01-02 13:49 - 2012-01-18 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2014-01-02 13:26 - 2014-01-02 13:26 - 00011832 _____ C:\Users\coldharbor1950\Documents\hijackthis 010214.txt 2014-01-02 12:24 - 2014-01-02 12:24 - 00000320 _____ C:\Users\coldharbor1950\Documents\cc_20140102_122430.reg 2014-01-02 10:33 - 2013-11-19 20:22 - 00000000 ____D C:\ProgramData\ProductData 2014-01-01 18:58 - 2014-01-01 18:58 - 00002646 _____ C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blog _ RoboForm Blog Home.lnk 2014-01-01 18:42 - 2012-10-22 09:25 - 00003600 _____ C:\Windows\System32\Tasks\Open URL by RoboForm 2014-01-01 18:34 - 2012-10-22 09:25 - 00003508 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon 2014-01-01 18:32 - 2014-01-01 18:32 - 00000000 ____D C:\Program Files (x86)\Siber Systems 2014-01-01 14:54 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default 2014-01-01 14:44 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini 2014-01-01 14:39 - 2009-07-13 20:34 - 82198528 _____ C:\Windows\system32\config\SOFTWARE.bak 2014-01-01 14:39 - 2009-07-13 20:34 - 15990784 _____ C:\Windows\system32\config\SYSTEM.bak 2014-01-01 14:39 - 2009-07-13 20:34 - 04956160 _____ C:\Windows\system32\config\DEFAULT.bak 2014-01-01 14:39 - 2009-07-13 20:34 - 00061440 _____ C:\Windows\system32\config\SAM.bak 2014-01-01 14:39 - 2009-07-13 20:34 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak 2014-01-01 12:25 - 2014-01-01 12:25 - 00003180 _____ 
C:\Windows\System32\Tasks\{F876F0D1-9074-4454-9507-B66E6F1F41E7}
2014-01-01 12:24 - 2014-01-01 12:24 - 00003158 _____ C:\Windows\System32\Tasks\{EE712E68-F096-4268-BEA8-CD4258B2BEB8}
2013-12-31 18:54 - 2013-12-31 18:54 - 00012248 _____ C:\Users\coldharbor1950\Documents\HiJackThis Scan 3 reg.txt
2013-12-31 13:00 - 2013-12-31 13:00 - 00650240 _____ C:\Users\coldharbor1950\Downloads\MicrosoftFixit50199.msi
2013-12-31 12:58 - 2013-12-31 12:57 - 00186880 _____ (CEXX.ORG) C:\Users\coldharbor1950\Downloads\LSPFix.exe
2013-12-31 12:42 - 2013-12-31 12:42 - 00012141 _____ C:\Users\coldharbor1950\Documents\hijackthis 123113 Safe Clean 1
2013-12-31 12:10 - 2013-12-31 12:10 - 00012248 _____ C:\Users\coldharbor1950\Documents\hijackthis 123113 Safe.txt
2013-12-31 11:42 - 2013-12-31 11:42 - 00812344 _____ (Trend Micro Inc.) C:\Users\coldharbor1950\Downloads\HJTInstall.exe
2013-12-31 11:40 - 2013-12-31 11:40 - 00013948 _____ C:\Users\coldharbor1950\Documents\hijackthis 123113 1
2013-12-31 11:24 - 2012-11-09 21:49 - 00000000 ____D C:\ProgramData\IObit
2013-12-31 08:26 - 2013-12-31 08:26 - 00000000 ____D C:\Program Files\7-Zip
2013-12-31 08:24 - 2013-12-31 08:24 - 01376768 _____ C:\Users\coldharbor1950\Downloads\7z920-x64.msi
2013-12-31 08:20 - 2013-12-31 08:20 - 00011340 _____ C:\Users\coldharbor1950\Documents\cc_20131231_082033.reg
2013-12-31 07:49 - 2013-12-31 07:49 - 00251392 _____ C:\Users\coldharbor1950\Downloads\hijackthis_sfx (1).exe
2013-12-30 19:53 - 2013-12-30 19:52 - 14221336 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup.exe
2013-12-30 18:12 - 2013-12-30 18:12 - 00001208 _____ C:\Users\coldharbor1950\Desktop\adwcleaner - Shortcut.lnk
2013-12-30 18:11 - 2013-12-30 18:11 - 01233962 _____ C:\Users\coldharbor1950\Downloads\adwcleaner.exe
2013-12-30 11:49 - 2013-06-20 08:31 - 00000000 ____D C:\Windows\pss
2013-12-30 10:19 - 2012-06-09 13:13 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\VirtualStore
2013-12-30 10:18 - 2013-12-30 10:18 - 00251392 _____ C:\Users\coldharbor1950\Downloads\hijackthis_sfx.exe
2013-12-30 08:46 - 2013-06-28 10:26 - 00000000 ____D C:\Program Files\WinZip
2013-12-30 08:44 - 2013-12-30 08:44 - 00000000 ____D C:\Windows\CD95F661A5C444F5A6AAECDD91C240DB.TMP
2013-12-29 23:51 - 2013-12-14 21:46 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Avg2014
2013-12-29 23:35 - 2013-12-29 23:35 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\AVG2014
2013-12-29 23:34 - 2013-12-29 23:34 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-12-29 23:33 - 2013-12-29 23:33 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\TuneUp Software
2013-12-29 23:27 - 2013-12-29 23:26 - 04436952 _____ (AVG Technologies) C:\Users\coldharbor1950\Downloads\avg_isct_stb_all_2014_4259.exe
2013-12-29 19:59 - 2012-10-14 10:51 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-29 19:59 - 2012-10-14 10:51 - 00000000 ____D C:\Program Files\CCleaner
2013-12-29 19:58 - 2013-12-29 19:58 - 04645232 _____ (Piriform Ltd) C:\Users\coldharbor1950\Downloads\ccsetup409.exe
2013-12-29 10:48 - 2013-12-29 10:48 - 06618910 _____ C:\Users\coldharbor1950\Downloads\Windows_Tweaks_Guide.zip
2013-12-29 10:48 - 2013-12-29 10:48 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\WinZip
2013-12-29 10:48 - 2013-06-28 10:27 - 00000000 ____D C:\ProgramData\WinZip
2013-12-29 10:39 - 2012-11-09 22:04 - 00001132 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-12-29 10:38 - 2013-12-29 10:38 - 05026656 _____ (IObit ) C:\Users\coldharbor1950\Downloads\defragsetup-pro.exe
2013-12-29 10:33 - 2013-12-29 10:31 - 13086648 _____ (IObit ) C:\Users\coldharbor1950\Downloads\driver_booster_setup.exe
2013-12-25 23:34 - 2013-11-19 20:23 - 00001175 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2013-12-22 01:07 - 2012-12-19 19:08 - 00003240 _____ C:\Windows\System32\Tasks\HPCeeScheduleForcoldharbor1950
2013-12-22 01:07 - 2012-12-19 19:08 - 00000368 _____ C:\Windows\Tasks\HPCeeScheduleForcoldharbor1950.job
2013-12-21 16:50 - 2013-12-21 16:50 - 00000870 _____ C:\Users\coldharbor1950\Documents\cc_20131221_165036.reg
2013-12-19 18:21 - 2013-12-19 18:21 - 00003516 _____ C:\Users\coldharbor1950\Documents\cc_20131219_182144.reg
2013-12-19 18:20 - 2013-12-19 12:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-19 18:20 - 2012-01-18 16:19 - 00000000 ____D C:\ProgramData\Skype
2013-12-19 17:45 - 2013-05-13 20:24 - 00008704 ___SH C:\Users\coldharbor1950\Thumbs.db
2013-12-19 12:57 - 2013-12-19 12:57 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-19 12:05 - 2013-12-19 12:05 - 00023546 _____ C:\Users\coldharbor1950\Documents\Go Fund Me.odt
2013-12-18 09:53 - 2012-11-09 21:49 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\IObit
2013-12-18 09:41 - 2013-12-17 21:26 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-18 09:41 - 2013-12-17 21:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-18 09:37 - 2013-12-18 09:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\coldharbor1950\Downloads\mbam-consumer.exe
2013-12-18 09:30 - 2013-12-18 09:30 - 00006186 _____ C:\Users\coldharbor1950\Documents\cc_20131218_093018.reg
2013-12-17 22:43 - 2013-12-15 15:24 - 00000000 ____D C:\Program Files (x86)\DriverUpdate
2013-12-17 19:11 - 2013-12-15 15:25 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2013-12-17 19:10 - 2013-05-30 13:33 - 00000000 ____D C:\Windows\ERUNT
2013-12-17 19:10 - 2013-02-08 16:21 - 00000000 ____D C:\ProgramData\pdf995
2013-12-17 19:10 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-12-17 19:09 - 2012-12-07 09:43 - 00000000 ____D C:\ProgramData\Real
2013-12-17 07:31 - 2013-12-17 07:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\coldharbor1950\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-16 21:47 - 2013-12-16 21:44 - 93473560 _____ (Microsoft Corporation) C:\Users\coldharbor1950\Downloads\msert.exe
2013-12-16 18:12 - 2013-12-16 18:13 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-16 18:12 - 2013-12-16 18:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-16 18:12 - 2013-12-16 18:13 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-16 18:12 - 2013-12-16 18:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-16 18:12 - 2013-12-16 18:12 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-16 18:10 - 2013-12-16 18:10 - 00915368 _____ (Oracle Corporation) C:\Users\coldharbor1950\Downloads\chromeinstall-7u45.exe
2013-12-16 17:38 - 2013-12-16 17:38 - 00012076 _____ C:\Users\coldharbor1950\Documents\cc_20131216_173610.reg
2013-12-16 17:36 - 2013-12-16 17:36 - 00000082 _____ C:\Users\coldharbor1950\Documents\cc_20131216_173558.reg
2013-12-16 17:29 - 2012-06-09 13:13 - 00000000 ___RD C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-16 11:19 - 2012-12-12 11:38 - 00000000 ___HD C:\Users\coldharbor1950\AppData\Local\CRE
2013-12-16 10:07 - 2013-01-08 19:21 - 00000000 ____D C:\Users\coldharbor1950\Downloads\Tuna Casserole Recipe_files
2013-12-16 08:48 - 2013-12-16 08:46 - 25647320 _____ (Microsoft Corporation) C:\Users\coldharbor1950\Downloads\Windows-KB890830-x64-V5.7.exe
2013-12-15 19:01 - 2011-02-11 11:15 - 00775482 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-15 18:20 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 17:12 - 2012-10-15 22:52 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-15 16:55 - 2013-12-15 16:55 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-12-15 16:47 - 2013-12-15 16:47 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-12-15 16:47 - 2013-12-15 16:47 - 00000000 ____D C:\Program Files (x86)\AMD
2013-12-15 16:47 - 2013-12-15 16:43 - 00000000 ____D C:\ProgramData\AMD
2013-12-15 16:46 - 2013-12-15 16:46 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201312151646310228.log
2013-12-15 16:45 - 2013-12-13 21:44 - 00000000 ____D C:\Program Files\ATI Technologies
2013-12-15 16:42 - 2012-01-18 16:08 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-12-15 16:38 - 2013-12-13 21:46 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-15 15:25 - 2013-12-15 15:25 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\SlimWare Utilities Inc
2013-12-15 15:24 - 2013-12-15 15:24 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-12-15 09:09 - 2012-10-15 22:53 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-15 08:59 - 2009-07-13 21:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-15 08:59 - 2009-07-13 21:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-15 08:59 - 2009-07-13 21:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-15 08:59 - 2009-07-13 21:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-15 08:58 - 2013-12-14 12:34 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-12-15 08:58 - 2013-11-03 15:26 - 00000000 ____D C:\Users\coldharbor1950\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
2013-12-15 08:58 - 2013-05-08 18:16 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\Scribus
2013-12-15 08:58 - 2013-05-08 17:16 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\SmartDraw
2013-12-15 08:58 - 2013-03-30 19:24 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-12-15 08:58 - 2013-02-08 16:31 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\pdf995
2013-12-15 08:58 - 2013-01-05 10:28 - 00000000 ____D C:\Users\coldharbor1950\Desktop\H&R Block At Home Deluxe + State 2012
2013-12-15 08:58 - 2012-12-28 20:07 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Downloaded Installations
2013-12-15 08:58 - 2012-12-28 19:49 - 00000000 ____D C:\Users\coldharbor1950\Downloads\Nikon
2013-12-15 08:58 - 2012-11-25 15:07 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\HP
2013-12-15 08:58 - 2012-11-10 13:38 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\Masque
2013-12-15 08:58 - 2012-11-07 09:13 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-15 08:58 - 2012-11-07 09:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-12-15 08:58 - 2012-10-11 16:17 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Apps\2.0
2013-12-15 08:58 - 2012-06-09 13:08 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\RemEngine
2013-12-15 08:58 - 2012-06-09 13:08 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Hewlett-Packard_Company
2013-12-15 08:58 - 2012-06-09 13:07 - 00000000 ___RD C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-15 08:58 - 2012-06-09 13:07 - 00000000 ___RD C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-15 08:58 - 2012-06-09 13:07 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Hewlett-Packard
2013-12-15 08:58 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-15 08:57 - 2010-11-21 01:16 - 00000000 __RHD C:\Users\Public\Recorded TV
2013-12-15 08:54 - 2013-01-18 20:44 - 00000000 ____D C:\Users\Public\StoryRock
2013-12-15 08:54 - 2012-01-18 16:32 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-12-15 08:54 - 2012-01-18 16:32 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-12-15 08:52 - 2013-07-31 17:10 - 00000000 ____D C:\Users\coldharbor1950\Documents\Fax
2013-12-15 08:52 - 2012-10-12 15:06 - 00000000 ____D C:\Users\coldharbor1950\Documents\Documents on Kristine Emerson's ES400
2013-12-15 08:51 - 2013-12-01 15:45 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\OpenOffice
2013-12-15 08:51 - 2013-01-05 10:37 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\TaxCut
2013-12-15 08:51 - 2012-12-21 09:08 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\OpenOffice.org
2013-12-15 08:51 - 2012-12-12 13:30 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\Serif
2013-12-15 08:51 - 2012-12-12 11:37 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\Mozilla
2013-12-15 08:51 - 2012-12-07 09:45 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\Real
2013-12-15 08:51 - 2012-06-09 13:07 - 00000000 ____D C:\Users\coldharbor1950\AppData\Roaming\Macromedia
2013-12-15 08:50 - 2013-03-30 19:23 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Amazon
2013-12-15 08:50 - 2012-10-11 16:19 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Google
2013-12-15 08:50 - 2012-06-09 13:27 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Microsoft Games
2013-12-15 08:48 - 2012-10-11 16:19 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 21:51 - 2013-12-14 21:51 - 00000000 ____D C:\Program Files (x86)\AVG
2013-12-14 21:46 - 2013-12-14 21:46 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\MFAData
2013-12-14 20:13 - 2013-12-14 20:13 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Macromedia
2013-12-14 20:11 - 2013-12-14 20:10 - 00000000 ____D C:\Users\coldharbor1950\AppData\Local\Mozilla
2013-12-14 20:10 - 2013-12-14 20:10 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-14 19:09 - 2013-12-14 19:09 - 00000000 ___HD C:\Users\coldharbor1950\Documents\Add-in Express
2013-12-14 16:03 - 2013-12-14 16:03 - 00000000 ___HD C:\Users\coldharbor1950\AppData\Roaming\Malwarebytes
2013-12-14 16:02 - 2013-12-14 16:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-14 12:44 - 2013-12-14 12:44 - 00000000 ___HD C:\Users\coldharbor1950\Downloads\Xanga Archives
2013-12-14 12:30 - 2013-12-14 12:30 - 06210282 ____H C:\Users\coldharbor1950\Downloads\55381_1.zip
2013-12-13 21:31 - 2013-12-13 21:31 - 00791552 _____ (AMD) C:\Users\coldharbor1950\Downloads\amddriverdownloader.exe
2013-12-13 20:32 - 2013-03-06 08:13 - 00000000 ___HD C:\Users\coldharbor1950\AppData\Local\Adobe
2013-12-13 20:31 - 2012-12-28 22:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-13 20:31 - 2012-10-24 20:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-13 20:31 - 2012-01-18 16:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-13 20:27 - 2012-11-22 08:05 - 00000000 ____D C:\ProgramData\Adobe
2013-12-13 19:12 - 2013-12-13 19:12 - 00000017 ____H C:\Users\coldharbor1950\Documents\VIN Nick.txt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 00:23

==================== End Of Log ============================