Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slow computer, can't seem to shake whatever has infected it!


  • Please log in to reply

#1
krisinluck

krisinluck

    Member

  • Member
  • PipPipPip
  • 116 posts
I've been working on getting this Windows 7 desktop working like I'm used to for the last four weeks.

First sign that things weren't quite right was over a month ago. I couldn't access my online banking unless I was on a fresh reboot.

Then Java stopped working. Then the AMD module went crazy.

I found Spigot on my computer. Spigot appears to be cleaned out now from what I can tell on my own.

I got those things settled. I downloaded AVG, and ran a full scan. Cleared some of it. Not done yet. I deleted several games that I don't play anymore - I see there are still files for them on the OTL text that is attached. I haven't used Avast for a long time now, but that still shows as well.

I get decent running time for a bit on the computer...it worked well 01/04 until yesterday about six in the evening. Now we are back to very choppy speeds. At times pages I am on just "stop responding" for a minute or so.



OTL logfile created on: 1/6/2014 7:27:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\coldharbor1950\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 50.12% Memory free
7.20 Gb Paging File | 4.91 Gb Available in Paging File | 68.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.07 Gb Total Space | 404.47 Gb Free Space | 90.07% Space Free | Partition Type: NTFS
Drive D: | 16.59 Gb Total Space | 2.04 Gb Free Space | 12.29% Space Free | Partition Type: NTFS

Computer Name: ICELAND | User Name: coldharbor1950 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/06 19:26:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.exe
PRC - [2014/01/01 18:31:54 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013/12/06 17:00:20 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/03 20:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/03 16:10:24 | 000,775,968 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/15 12:38:50 | 002,053,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2013/09/24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2011/08/16 16:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 16:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 11:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/15 22:05:26 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5fe10bae336585d4703262f1f2d110ee\System.IdentityModel.ni.dll
MOD - [2013/12/15 22:05:17 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5bca89765ee92dd6018c3782247dba9b\System.ServiceModel.ni.dll
MOD - [2013/12/15 22:02:49 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\377a75997ea18bb39d12c95b9e214ae4\ReachFramework.ni.dll
MOD - [2013/12/15 19:08:36 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll
MOD - [2013/12/15 19:08:05 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll
MOD - [2013/12/15 19:07:55 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\66ce786a0b16af8c3f5c480cd6e84376\System.Runtime.Serialization.ni.dll
MOD - [2013/12/15 19:07:55 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3b483737ce19c597d351cdb1f4eb3da0\System.ServiceModel.Internals.ni.dll
MOD - [2013/12/15 19:07:55 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\5c250132c9d7fb45ec9b331ec2e4ef2e\SMDiagnostics.ni.dll
MOD - [2013/12/15 19:07:52 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll
MOD - [2013/12/15 19:07:25 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll
MOD - [2013/12/15 19:06:42 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
MOD - [2013/12/15 19:06:38 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
MOD - [2013/12/15 19:06:24 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll
MOD - [2013/12/15 19:06:18 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
MOD - [2013/12/15 19:05:57 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
MOD - [2013/12/03 20:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 20:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 20:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 20:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 20:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 20:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/15 12:37:58 | 000,048,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/04 20:13:05 | 000,289,496 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2014/01/04 20:02:05 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/08 09:34:38 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/13 20:31:24 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2011/09/09 19:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/16 16:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 11:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/04 20:02:05 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/01/04 20:02:05 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/12/17 19:11:58 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/12/15 16:55:13 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/07/04 15:59:26 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/31 18:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 18:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/02/11 22:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/11/09 22:00:39 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/09 22:00:39 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/11/09 22:00:39 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 15:49:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/18 15:49:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/23 09:53:10 | 000,104,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/12/12 17:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 10:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/16 03:41:55 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/03 11:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{4F1149B4-DD36-468D-A3A7-B9D541595DEF}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope = {E219F0D6-5A63-457B-B675-FF672BE811C8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{BFEA6F40-07F2-4574-AA8F-7735F594B606}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{E219F0D6-5A63-457B-B675-FF672BE811C8}: "URL" = http://search.condui...8737229319&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/12/17 19:10:05 | 000,000,000 | ---D | M]

[2013/12/14 20:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Extensions
[2013/12/15 08:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\extensions
[2013/12/15 08:58:46 | 000,000,000 | ---D | M] (Serif PhotoPlus) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\extensions\{8f2767f8-338a-4258-bd1c-4de5a3d8cdb2}
[2013/12/25 23:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\Profiles\d9ahv30v.default\extensions
[2013/12/25 23:34:08 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\Profiles\d9ahv30v.default\extensions\[email protected]
[2013/12/14 20:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/14 20:10:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.c...r/render?tab=Xc
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Bejeweled = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Google Docs = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_0\
CHR - Extension: Pinterest = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_0\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\2.1_0\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2014/01/01 14:43:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C336497-8C6C-437A-A03B-AB203EB0C7AC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/06 19:26:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.exe
[2014/01/06 18:40:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/05 18:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/01/05 18:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2014/01/05 08:32:30 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2014/01/05 08:32:30 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\Packet.dll
[2014/01/05 08:32:30 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2014/01/05 08:32:29 | 000,025,056 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
[2014/01/05 08:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Genie
[2014/01/05 08:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2014/01/05 08:23:45 | 038,094,267 | ---- | C] (Acresso Software Inc. ) -- C:\Users\coldharbor1950\Desktop\Setup.exe
[2014/01/04 20:14:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2014/01/04 20:13:08 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/01/04 20:13:08 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/01/04 20:12:55 | 002,743,328 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/01/04 20:12:53 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/01/04 20:02:07 | 000,129,536 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_13.251.dll
[2014/01/04 20:02:06 | 000,190,976 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2014/01/04 20:02:05 | 000,031,232 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2014/01/04 20:02:04 | 000,063,488 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/01/04 20:02:04 | 000,057,344 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/01/03 17:28:42 | 000,129,536 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_13.20.dll
[2014/01/02 14:53:23 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2014/01/01 18:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2014/01/01 18:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2014/01/01 14:54:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/01 14:13:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/12/31 11:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2013/12/31 11:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/12/31 08:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/12/31 08:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/12/29 23:35:20 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\AVG2014
[2013/12/29 23:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/12/29 23:33:06 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\TuneUp Software
[2013/12/29 23:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/12/29 23:31:05 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/12/29 10:48:47 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Local\WinZip
[2013/12/29 10:40:05 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013/12/25 23:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2013/12/19 12:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/12/19 12:57:24 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/12/19 12:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/12/17 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/17 21:26:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/17 21:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/17 16:09:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/16 18:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/12/16 18:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/12/16 18:12:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/12/15 18:58:33 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/15 16:55:24 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/12/15 16:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/12/15 16:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2013/12/15 16:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2013/12/15 16:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2013/12/15 16:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013/12/15 15:25:10 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Local\SlimWare Utilities Inc
[2013/12/15 15:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2013/12/15 15:24:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/12/14 21:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/12/14 21:46:17 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Local\MFAData
[2013/12/14 21:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/12/14 21:46:17 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Local\Avg2014
[2013/12/14 20:13:29 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Local\Macromedia
[2013/12/14 20:10:59 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Local\Mozilla
[2013/12/14 20:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/12/14 20:10:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/14 19:11:46 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013/12/14 19:09:33 | 000,000,000 | -H-D | C] -- C:\Users\coldharbor1950\Documents\Add-in Express
[2013/12/14 16:03:23 | 000,000,000 | -H-D | C] -- C:\Users\coldharbor1950\AppData\Roaming\Malwarebytes
[2013/12/14 16:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/14 12:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013/12/13 21:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/12/13 21:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/12/13 21:42:21 | 000,000,000 | ---D | C] -- C:\AMD
[2013/12/10 09:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/12/10 09:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/12/10 09:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/06 19:26:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.exe
[2014/01/06 19:14:23 | 000,011,821 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\hijackthis 01062014 1
[2014/01/06 19:11:45 | 000,003,015 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\HiJackThis.lnk
[2014/01/06 19:05:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/06 19:04:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/06 18:03:32 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 18:03:32 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 18:03:12 | 000,783,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/06 18:03:12 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/06 18:03:12 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/06 17:57:33 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/01/06 17:57:07 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 17:55:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/06 17:55:43 | 2899,214,336 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/06 16:12:36 | 000,011,231 | ---- | M] () -- C:\Users\coldharbor1950\Documents\hijackthis 010614 Safe
[2014/01/06 11:30:05 | 000,000,384 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140106_112925.reg
[2014/01/05 18:57:15 | 000,333,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/05 18:56:01 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/01/05 16:03:17 | 000,000,566 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140105_160310.reg
[2014/01/05 08:32:28 | 000,000,908 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
[2014/01/05 08:32:28 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk
[2014/01/04 20:13:09 | 000,211,184 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/01/04 20:13:08 | 000,198,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/01/04 20:13:03 | 000,693,329 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/01/04 20:12:55 | 002,743,328 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/01/04 20:12:53 | 000,113,576 | ---- | M] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/01/04 20:02:07 | 000,234,036 | ---- | M] () -- C:\Windows\SysNative\ativvaxy_cik.dat
[2014/01/04 20:02:07 | 000,233,776 | ---- | M] () -- C:\Windows\SysNative\ativvaxy_cik_nd.dat
[2014/01/04 20:02:07 | 000,230,912 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2014/01/04 20:02:07 | 000,129,536 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_13.251.dll
[2014/01/04 20:02:07 | 000,083,552 | ---- | M] () -- C:\Windows\SysNative\ativce02.dat
[2014/01/04 20:02:06 | 003,461,040 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2014/01/04 20:02:06 | 003,426,688 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2014/01/04 20:02:06 | 000,190,976 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2014/01/04 20:02:05 | 000,721,296 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2014/01/04 20:02:05 | 000,588,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2014/01/04 20:02:05 | 000,239,616 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2014/01/04 20:02:05 | 000,047,887 | ---- | M] () -- C:\Windows\atiogl.xml
[2014/01/04 20:02:05 | 000,031,232 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2014/01/04 20:02:04 | 000,550,456 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2014/01/04 20:02:04 | 000,550,456 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2014/01/04 20:02:04 | 000,063,488 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/01/04 20:02:04 | 000,057,344 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/01/04 10:59:46 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2014/01/03 19:08:20 | 000,000,474 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140103_190814.reg
[2014/01/03 17:52:34 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster.lnk
[2014/01/03 17:28:42 | 000,129,536 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_13.20.dll
[2014/01/03 17:28:41 | 000,204,952 | ---- | M] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014/01/03 17:28:41 | 000,204,952 | ---- | M] () -- C:\Windows\SysNative\ativvsvl.dat
[2014/01/03 17:28:41 | 000,157,144 | ---- | M] () -- C:\Windows\SysWow64\ativvsva.dat
[2014/01/03 17:28:41 | 000,157,144 | ---- | M] () -- C:\Windows\SysNative\ativvsva.dat
[2014/01/03 12:34:14 | 000,000,448 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140103_123406.reg
[2014/01/02 15:07:27 | 000,010,945 | ---- | M] () -- C:\Users\coldharbor1950\Documents\hijackthis 010214 3
[2014/01/02 14:55:59 | 000,007,590 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140102_145552.reg
[2014/01/02 12:24:39 | 000,000,320 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140102_122430.reg
[2014/01/01 14:43:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/31 12:42:03 | 000,012,141 | ---- | M] () -- C:\Users\coldharbor1950\Documents\hijackthis 123113 Safe Clean 1
[2013/12/31 11:40:46 | 000,013,948 | ---- | M] () -- C:\Users\coldharbor1950\Documents\hijackthis 123113 1
[2013/12/31 08:20:45 | 000,011,340 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20131231_082033.reg
[2013/12/30 18:12:40 | 000,001,208 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\adwcleaner - Shortcut.lnk
[2013/12/29 19:59:29 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/29 10:39:50 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2013/12/25 23:39:03 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2013/12/25 23:34:05 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[2013/12/22 01:07:04 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcoldharbor1950.job
[2013/12/21 16:50:48 | 000,000,870 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20131221_165036.reg
[2013/12/20 20:06:13 | 000,344,240 | ---- | M] () -- C:\Users\coldharbor1950\Documents\Palmer Cover Letter.jpg
[2013/12/19 18:21:52 | 000,003,516 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20131219_182144.reg
[2013/12/19 12:57:25 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/19 12:05:34 | 000,023,546 | ---- | M] () -- C:\Users\coldharbor1950\Documents\Go Fund Me.odt
[2013/12/18 09:41:03 | 000,001,095 | ---- | M] () -- C:\Users\coldharbor1950\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/12/18 09:41:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/18 09:30:25 | 000,006,186 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20131218_093018.reg
[2013/12/17 19:11:58 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/12/16 17:38:16 | 000,012,076 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20131216_173610.reg
[2013/12/16 17:36:02 | 000,000,082 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20131216_173558.reg
[2013/12/15 19:01:23 | 000,775,482 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/15 16:55:13 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/12/10 08:16:26 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/10 08:16:25 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/06 19:14:23 | 000,011,821 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\hijackthis 01062014 1
[2014/01/06 19:11:45 | 000,003,015 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\HiJackThis.lnk
[2014/01/06 16:12:35 | 000,011,231 | ---- | C] () -- C:\Users\coldharbor1950\Documents\hijackthis 010614 Safe
[2014/01/06 11:29:56 | 000,000,384 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140106_112925.reg
[2014/01/05 18:57:01 | 000,333,712 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/05 18:56:01 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/01/05 16:03:14 | 000,000,566 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140105_160310.reg
[2014/01/05 08:32:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2014/01/05 08:32:28 | 000,000,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
[2014/01/05 08:32:28 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk
[2014/01/04 20:13:03 | 000,693,329 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/01/04 20:02:07 | 000,234,036 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik.dat
[2014/01/04 20:02:07 | 000,233,776 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik_nd.dat
[2014/01/04 20:02:07 | 000,230,912 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2014/01/04 20:02:07 | 000,083,552 | ---- | C] () -- C:\Windows\SysNative\ativce02.dat
[2014/01/04 20:02:06 | 003,461,040 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2014/01/04 20:02:06 | 003,426,688 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2014/01/04 20:02:05 | 000,721,296 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2014/01/04 20:02:05 | 000,047,887 | ---- | C] () -- C:\Windows\atiogl.xml
[2014/01/04 20:02:04 | 000,550,456 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2014/01/04 20:02:04 | 000,550,456 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2014/01/03 19:08:18 | 000,000,474 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140103_190814.reg
[2014/01/03 17:28:41 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014/01/03 17:28:41 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2014/01/03 17:28:41 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014/01/03 17:28:41 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2014/01/03 12:34:11 | 000,000,448 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140103_123406.reg
[2014/01/02 15:07:27 | 000,010,945 | ---- | C] () -- C:\Users\coldharbor1950\Documents\hijackthis 010214 3
[2014/01/02 14:55:58 | 000,007,590 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140102_145552.reg
[2014/01/02 12:24:36 | 000,000,320 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140102_122430.reg
[2014/01/01 18:58:14 | 000,002,646 | ---- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blog _ RoboForm Blog Home.lnk
[2013/12/31 12:42:03 | 000,012,141 | ---- | C] () -- C:\Users\coldharbor1950\Documents\hijackthis 123113 Safe Clean 1
[2013/12/31 11:40:46 | 000,013,948 | ---- | C] () -- C:\Users\coldharbor1950\Documents\hijackthis 123113 1
[2013/12/31 08:20:41 | 000,011,340 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20131231_082033.reg
[2013/12/30 18:12:40 | 000,001,208 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\adwcleaner - Shortcut.lnk
[2013/12/29 10:39:50 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/12/21 16:50:42 | 000,000,870 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20131221_165036.reg
[2013/12/20 20:06:13 | 000,344,240 | ---- | C] () -- C:\Users\coldharbor1950\Documents\Palmer Cover Letter.jpg
[2013/12/19 18:21:50 | 000,003,516 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20131219_182144.reg
[2013/12/19 12:57:25 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/19 12:05:32 | 000,023,546 | ---- | C] () -- C:\Users\coldharbor1950\Documents\Go Fund Me.odt
[2013/12/18 09:41:03 | 000,001,095 | ---- | C] () -- C:\Users\coldharbor1950\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/12/18 09:30:22 | 000,006,186 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20131218_093018.reg
[2013/12/17 21:26:09 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/16 17:38:13 | 000,012,076 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20131216_173610.reg
[2013/12/16 17:36:02 | 000,000,082 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20131216_173558.reg
[2013/12/15 15:25:11 | 000,016,152 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/12/10 08:16:26 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/10 08:16:25 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/10/25 20:53:36 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2013/10/08 09:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/10/08 07:36:07 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/08 07:36:07 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/08/21 21:22:33 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/05/11 10:59:30 | 000,078,697 | -H-- | C] () -- C:\Users\coldharbor1950\Bottom Contact.jpg
[2013/02/08 16:21:10 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2013/02/08 16:21:07 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2013/01/17 22:52:39 | 000,002,147 | -H-- | C] () -- C:\Users\coldharbor1950\PrintMaster-2012-Platinum.prefs
[2012/12/28 20:08:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Gems
[2012/12/28 20:08:52 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Fruit
[2012/12/28 20:08:52 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/12/28 20:07:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Generic
[2012/12/28 20:07:44 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Funk Animals
[2012/12/28 20:07:44 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/12/28 20:07:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Galaxy Swirl
[2012/12/28 20:07:43 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Frameworks
[2012/12/28 20:07:43 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/12/28 20:07:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hip Hop
[2012/12/28 20:07:08 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\HAL
[2012/12/28 20:07:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2012/11/25 15:08:40 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/01/18 15:58:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/21 07:08:26 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\AVAST Software
[2013/12/29 23:35:20 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\AVG2014
[2012/10/19 19:28:23 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\com.masque.slots.IGTSlotsLilLady
[2012/11/25 21:48:36 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Encore
[2013/12/18 09:53:43 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\IObit
[2013/12/15 08:58:43 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Masque
[2013/12/15 08:51:50 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\OpenOffice
[2013/12/15 08:51:49 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\OpenOffice.org
[2013/10/17 08:40:59 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Oracle
[2013/12/15 08:58:46 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\pdf995
[2013/07/13 07:07:21 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\RoboForm
[2013/12/15 08:58:47 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Scribus
[2013/12/15 08:51:53 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Serif
[2013/12/15 08:58:47 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\SmartDraw
[2014/01/02 14:03:16 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\SoftGrid Client
[2012/12/05 12:24:50 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Stardock
[2013/12/15 08:51:56 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TaxCut
[2012/11/07 09:15:21 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TP
[2013/12/29 23:33:06 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TuneUp Software
[2012/10/23 21:16:14 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\WildTangent
[2012/10/11 16:51:54 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 512 bytes -> C:\Users\coldharbor1950\Documents\Butternut Dining Room.ppp:SummaryInformation
@Alternate Data Stream - 384 bytes -> C:\Users\coldharbor1950\Documents\Butternut Dining Room.Spp:SummaryInformation

< End of report >

Attached Files


Edited by RKinner, 07 January 2014 - 01:32 AM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Uninstall Advanced System Care.


Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.



Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
  • 0

#3
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
AdwCleaner and JRT were run yesterday, but the reports shown here are from this morning.

AdwCleaner:
# AdwCleaner v3.016 - Report created 07/01/2014 at 09:39:49
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : coldharbor1950 - ICELAND
# Running from : C:\Users\coldharbor1950\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13992 octets] - [17/12/2013 16:09:56]
AdwCleaner[R1].txt - [5843 octets] - [17/12/2013 18:50:12]
AdwCleaner[R2].txt - [1055 octets] - [01/01/2014 11:50:49]
AdwCleaner[R3].txt - [1176 octets] - [02/01/2014 13:12:17]
AdwCleaner[R4].txt - [1301 octets] - [06/01/2014 17:12:19]
AdwCleaner[R5].txt - [1360 octets] - [07/01/2014 09:30:26]
AdwCleaner[S0].txt - [13610 octets] - [17/12/2013 16:16:35]
AdwCleaner[S1].txt - [5774 octets] - [17/12/2013 18:57:16]
AdwCleaner[S2].txt - [1117 octets] - [01/01/2014 11:53:14]
AdwCleaner[S3].txt - [1367 octets] - [06/01/2014 17:14:20]
AdwCleaner[S4].txt - [1282 octets] - [07/01/2014 09:39:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1342 octets] ##########

JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by coldharbor1950 on Tue 01/07/2014 at 10:07:36.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/07/2014 at 10:23:40.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Attached File  AdwCleaner 010714.txt   1.39KB   153 downloads

Attached File  JRT 010714.txt   642bytes   142 downloads

Edited by krisinluck, 07 January 2014 - 01:36 PM.

  • 0

#4
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Attached File  FRST.txt   103.66KB   152 downloads

Attached File  Addition.txt   37.64KB   166 downloads

Attached File  ICELAND.txt   224.45KB   181 downloads

Attached File  System Idle Process.txt   6.68KB   207 downloads



I cannot thank you enough!!
  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Uninstall Speccy if you haven't already.

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that then you should be able to boot into regular mode. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

Run Process Explorer again and post the log. Make sure you wait a full minute after starting the program before you save the log.



Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#6
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
I have your reply - I am a bit lost, however, in how to download the FixList to the same location as FRST. FRST is in it's own folder and won't allow me to add the FixList to it.
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Frst is on the desktop so just save the fixlist file to the desktop.

Running from C:\Users\coldharbor1950\Desktop


  • 0

#8
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Thank you. I'll hit this in the morning - I had to have my husband of 23 years hauled off to jail for abuse. The booze won this one. I'm as done as a person can be for tonight.

I'll get this done asap tomorrow.
  • 0

#9
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
I'm still here - it's been a long, scary, interesting few days. I'm here, and going to run these things right now and post them. I'm going to reboot before running them. Things are better, but not completely fixed.
  • 0

#10
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Attached File  FRST.txt   75.69KB   144 downloads

FRST scan in safe mode. Rebooted in regular mode now and running the second time as instructed.
  • 0

Advertisements


#11
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Here are the scans run in order of list - please note that the Command Prompt step revealed no issues.

Attached File  FRST (2).txt   78.29KB   138 downloads

Attached File  Fixlog.txt   5.63KB   163 downloads

Attached File  FRST (3).txt   78.1KB   151 downloads

Attached File  Addition.txt   37.44KB   187 downloads

Attached File  System Idle Process.txt   5.55KB   177 downloads

Attached File  VEW.txt   1.08KB   151 downloads
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Something in Process Explorer:

procexp64.exe 15.56 20,464 K 40,164 K 6052 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
...
Interrupts 2.15 0 K 0 K n/a Hardware Interrupts and DPCs



Interrupts being high usually indicates a bad driver. (normal indication is around 1 or less and for some reason this always causes process Explorer to use too much CPU). Interrupts seem to have a much greater effect on the PC than anything else. Try booting into the Safe Mode Menu and select the Low Resolution video option then run Process Explorer and make a new log (remember to wait a full minute before making the log.) Then try rebooting into Safe Mode and make a log there too.

Also could you rerun VEW for Applications and post that log?
  • 0

#13
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Just saw this - running now then posting. I'm working on the road the next three days, but will check here before I leave tomorrow morning.
  • 0

#14
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Okay. Here are requested scans. I will not be at this computer again before Thursday as I am working on the road in a snowstorm again. I will check here when I return home.

Attached File  System Idle Process 1.TXT   1.85KB   146 downloads
Attached File  System Idle Process 2.TXT   5.44KB   196 downloads
Attached File  VEW.txt   10.2KB   169 downloads
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
OK. I'm going on the road for several weeks starting on Thursday so my replies may be delayed too.

The Safe Mode Process Explorer looks good. The Low Resolution Video one looks about the same as the regular one so it's probably not the video driver. Let's run sigverif and see if it finds anything:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Yes then type (with an Enter after the command)

sigverif

Hit the Start button in the new window.

It will run for a minute or two then then list the files that it is not fond of. If it finds anything then hit Close when it finishes and then Advanced then View Log. Edit, Select All (or Ctrl a) then Edit, Copy (or Ctrl c) and paste the text (Ctrl + v) into a reply.
Close SIGVERIF.TXT. Close File Signature Verification. Do not close the Command Window.

Now in the Command Window type (with an Enter after the command)

devmgmt.msc


Now View, Show Hidden Devices

Do you see any with a yellow flag? What are they? (Right click on each yellow flagged item and if the option is there, Uninstall. Then reboot. And go back into Device Manager and see if it is still yellow. Tell me what you see. (or take a screen shot==> Press the Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].

Open Microsoft Paint (All Programs, Accessories,Paint).

Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.

Go to the File Menu and choose Save As.

Navigate to the folder where you want to save the image. (Desktop)

Type a file name for the image: dev

Select a file type. jpeg

Click the Save button.

Attach dev.jpg to your Reply.

(Start a Reply. Click on the Browse button, point it at your desktop and click on dev.jpg then Open. Now click on Attach this File))

Let's also check the boot log:

http://www.techrepub...lp-of-msconfig/

Attach the file C:\Windows\ntbtlog.txt

Get autoruns from
http://live.sysinter...om/autoruns.exe

Download Save and Run the program by right clicking and Run As Admin. File, Save, to your desktop, autoruns.arn, OK. This file is normally a bit over the forum size limit so will need to be zipped. If you do not have win-zip or 7-zip then get 7-zip from
http://www.7-zip.org/download.html
Download, Save and Run the appropriate msi file for your PC. You want this one:64-bit x64 7-Zip for 64-bit Windows x64 (Intel 64 or AMD64)

Once you have installed you can then right click on autoruns.arn then click on 7-zip, Add to autoruns.zip. It should put the autoruns.zip file in the same directory. Attach it.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP