#31
krisinluck
Topic Starter, Member, 116 posts

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by coldharbor1950 (administrator) on ICELAND on 22-03-2014 20:33:23
Running from C:\Users\coldharbor1950\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-02-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-387024861-1857405023-142887614-1000\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-03-15] (Siber Systems)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {4F1149B4-DD36-468D-A3A7-B9D541595DEF} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - DefaultScope {71DB2072-787A-4596-A0E5-2E1030999197} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {71DB2072-787A-4596-A0E5-2E1030999197} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-11-25]

Chrome:
=======
CHR HomePage: https://www.google.c...r/render?tab=Xc
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Bejeweled) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-03-19]
CHR Extension: (Google Docs) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-19]
CHR Extension: (Google Drive) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-19]
CHR Extension: (YouTube) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-19]
CHR Extension: (Google Search) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-19]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-03-19]
CHR Extension: (Pin It Button) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-03-19]
CHR Extension: (Social Fixer for Facebook) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-03-19]
CHR Extension: (Office Apps) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke [2014-03-19]
CHR Extension: (Google Mail Checker) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-03-19]
CHR Extension: (Crosswords) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf [2014-03-19]
CHR Extension: (Google Wallet) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-19]
CHR Extension: (Gmail) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-19]
CHR Extension: (RoboForm) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-19]
CHR HKCU\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\coldharbor1950\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx [2014-03-19]
CHR HKCU\...\Chrome\Extension: [eijoglodfkeicibboibphapnoahoaapi] - C:\Users\coldharbor1950\AppData\Local\CRE\eijoglodfkeicibboibphapnoahoaapi.crx [2014-03-19]
CHR HKLM-x32\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\coldharbor1950\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx [2014-03-19]
CHR HKLM-x32\...\Chrome\Extension: [eijoglodfkeicibboibphapnoahoaapi] - C:\Users\coldharbor1950\AppData\Local\CRE\eijoglodfkeicibboibphapnoahoaapi.crx [2014-03-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\PROGRA~1\AVASTS~1\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-19]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2014-03-19]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-19] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 20:31 - 2014-03-22 20:32 - 00047232 _____ () C:\Users\coldharbor1950\Desktop\Addition.txt
2014-03-22 20:27 - 2014-03-22 20:27 - 02157056 _____ (Farbar) C:\Users\coldharbor1950\Desktop\FRST64.exe
2014-03-22 20:06 - 2014-03-22 20:06 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Downloads\OTL.exe
2014-03-22 18:54 - 2014-03-22 18:54 - 00987448 _____ () C:\Users\coldharbor1950\Desktop\SecurityCheck.exe
2014-03-22 15:12 - 2014-03-22 15:12 - 00333712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 15:12 - 2014-03-22 15:12 - 00000056 _____ () C:\Windows\setupact.log
2014-03-22 15:12 - 2014-03-22 15:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-21 12:55 - 2014-03-21 12:55 - 00000446 _____ () C:\Users\coldharbor1950\Documents\0321 Response.txt
2014-03-21 07:53 - 2014-03-21 07:53 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-20 10:43 - 2014-03-22 20:33 - 00020330 _____ () C:\Users\coldharbor1950\Desktop\FRST.txt
2014-03-19 15:03 - 2014-03-19 15:03 - 00002217 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-19 14:31 - 2014-03-19 14:31 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-19 14:24 - 2014-03-22 20:22 - 00121102 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 14:14 - 2014-03-19 14:14 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\coldharbor1950\Downloads\tdsskiller.exe
2014-03-19 13:56 - 2014-03-19 13:56 - 00407789 _____ () C:\Users\coldharbor1950\Downloads\TDSS.htm
2014-03-19 13:35 - 2014-03-19 13:35 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\coldharbor1950\Desktop\tdsskiller.exe
2014-03-19 11:32 - 2014-03-19 11:32 - 00053843 _____ () C:\Users\coldharbor1950\Documents\bookmarks_3_19_14.html
2014-03-19 10:15 - 2014-03-19 11:27 - 00424787 _____ () C:\Users\coldharbor1950\Downloads\avgremover.log
2014-03-19 10:14 - 2014-03-19 10:14 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\coldharbor1950\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-03-18 20:28 - 2014-03-18 20:28 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-18 17:23 - 2014-03-18 17:23 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-18 15:26 - 2014-03-18 15:26 - 00000000 ____D () C:\ProgramData\Google
2014-03-18 15:26 - 2014-03-18 15:26 - 00000000 ____D () C:\Program Files\Google
2014-03-18 14:53 - 2014-03-18 15:00 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\RK_Quarantine
2014-03-18 14:50 - 2014-03-18 14:50 - 03901952 _____ () C:\Users\coldharbor1950\Desktop\RogueKiller.exe
2014-03-18 14:21 - 2014-03-18 14:21 - 01037734 _____ (Thisisu) C:\Users\coldharbor1950\Downloads\JRT.exe
2014-03-18 14:21 - 2014-03-18 14:21 - 00001157 _____ () C:\Users\coldharbor1950\Desktop\JRT - Shortcut.lnk
2014-03-18 14:09 - 2014-03-18 14:09 - 01950720 _____ () C:\Users\coldharbor1950\Downloads\AdwCleaner.exe
2014-03-18 14:09 - 2014-03-18 14:09 - 00001230 _____ () C:\Users\coldharbor1950\Desktop\AdwCleaner - Shortcut.lnk
2014-03-18 14:01 - 2014-03-22 20:25 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\0318 Comp Repair
2014-03-18 13:55 - 2014-03-18 13:55 - 00000000 ____D () C:\_OTL
2014-03-18 12:36 - 2014-03-18 12:36 - 00005633 _____ () C:\Users\coldharbor1950\Documents\CompFix 031814.txt
2014-03-18 10:42 - 2014-03-18 10:42 - 00156902 _____ () C:\Users\coldharbor1950\Downloads\OTL 0318 Safe Mode.txt
2014-03-18 10:01 - 2014-03-18 10:01 - 00000382 _____ () C:\Users\coldharbor1950\Documents\cc_20140318_100102.reg
2014-03-18 08:41 - 2014-03-18 08:41 - 00160168 _____ () C:\Users\coldharbor1950\Downloads\OTL 0318.txt
2014-03-18 08:13 - 2014-03-18 08:13 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Downloads\OTL (1).com
2014-03-18 08:09 - 2014-03-18 08:09 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Desktop\OTL.com
2014-03-17 09:59 - 2014-03-17 09:59 - 00001341 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-17 09:44 - 2014-03-18 10:21 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-17 09:44 - 2014-03-17 09:44 - 00001041 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-03-17 09:44 - 2014-03-17 09:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-17 09:44 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-03-17 09:40 - 2014-03-17 09:40 - 04095448 _____ (BrightFort LLC ) C:\Users\coldharbor1950\Downloads\spywareblastersetup50.exe
2014-03-16 13:52 - 2014-03-16 13:52 - 00000968 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_135229.reg
2014-03-16 11:40 - 2014-03-18 16:41 - 00000977 _____ () C:\Users\coldharbor1950\Desktop\CCleaner.lnk
2014-03-16 11:40 - 2014-03-16 11:40 - 00002790 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-16 11:40 - 2014-03-16 11:40 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-03-16 11:40 - 2014-03-16 11:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-16 08:07 - 2014-03-16 08:07 - 00006528 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_080703.reg
2014-03-16 08:06 - 2014-03-16 08:06 - 00052550 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_080611.reg
2014-03-15 19:15 - 2014-03-15 19:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-15 19:14 - 2014-03-15 19:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-15 19:12 - 2014-03-15 19:12 - 00921000 _____ (Oracle Corporation) C:\Users\coldharbor1950\Downloads\chromeinstall-7u51 (2).exe
2014-03-15 16:09 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-15 16:09 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-15 16:09 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-15 16:09 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-15 16:09 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-15 16:09 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-15 16:09 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-15 16:09 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-15 16:09 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-15 16:09 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-15 16:09 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-15 16:09 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-15 16:08 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-15 16:08 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-15 16:08 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-15 16:08 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-15 16:08 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-15 16:08 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-15 16:08 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-15 16:08 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-15 16:08 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-15 16:08 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-15 16:08 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-15 16:08 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-15 16:08 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-15 16:08 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-15 16:08 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-15 16:08 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-15 16:08 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-15 16:08 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-15 16:08 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-15 16:08 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-15 16:08 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-15 16:08 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-15 16:08 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-15 16:08 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-15 16:08 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-15 16:08 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-15 16:08 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-15 16:08 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-15 16:08 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-15 16:08 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-15 16:08 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-15 16:08 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-15 16:06 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-15 16:06 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-15 16:05 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-15 16:05 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-15 15:40 - 2014-03-15 15:40 - 14805000 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup-cnetc (1).exe
2014-03-15 09:17 - 2014-03-15 13:33 - 00000000 ____D () C:\Users\coldharbor1950\Downloads\mbam-chameleon-1.62.1.1000
2014-03-15 09:16 - 2014-03-15 09:16 - 01440846 _____ () C:\Users\coldharbor1950\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-03-15 08:36 - 2014-03-15 08:36 - 00071630 _____ () C:\Users\coldharbor1950\Downloads\Extras.Txt
2014-03-15 08:35 - 2014-03-22 20:21 - 00108170 _____ () C:\Users\coldharbor1950\Downloads\OTL.Txt
2014-03-14 13:30 - 2014-03-14 13:30 - 00003139 _____ () C:\Users\coldharbor1950\Documents\Google Redirect.txt
2014-03-13 21:25 - 2014-03-13 21:25 - 00020106 _____ () C:\Users\coldharbor1950\Documents\startup.txt
2014-03-13 19:31 - 2014-03-13 19:31 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\VS Revo Group
2014-03-13 14:21 - 2014-03-13 14:21 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-03-12 09:41 - 2014-03-12 09:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 09:41 - 2014-03-12 09:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-10 10:53 - 2014-03-11 20:26 - 00018052 _____ () C:\Users\coldharbor1950\Documents\eBay.odt
2014-03-10 10:08 - 2014-01-12 11:52 - 00011070 _____ () C:\Users\coldharbor1950\Documents\untitled_1.odt
2014-02-27 15:27 - 2014-02-27 15:27 - 14827320 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup (2).exe
2014-02-25 21:16 - 2014-02-25 21:19 - 78353784 _____ (AVG) C:\Users\coldharbor1950\Downloads\avg_tuh_stf_all_2014_295.exe
2014-02-24 14:25 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-24 14:25 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-24 14:25 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-24 14:25 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-24 14:24 - 2014-03-18 16:38 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-02-24 14:24 - 2014-03-18 12:51 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-24 13:58 - 2014-02-24 14:00 - 78353832 _____ (AVG) C:\Users\coldharbor1950\Downloads\avg_tuh_stf_all_2014_295_24c28.exe
2014-02-23 11:51 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-23 11:51 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-23 11:51 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-23 11:51 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-23 11:51 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-23 11:51 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-23 11:51 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-23 11:51 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-23 11:51 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-23 11:51 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-23 11:51 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-23 11:51 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-23 11:51 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-23 11:51 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-23 11:51 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-23 11:51 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-23 11:51 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-23 11:51 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-23 11:50 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-23 11:50 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-23 11:50 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-23 11:50 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-23 11:50 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-23 11:50 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-23 11:48 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 11:48 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-22 12:18 - 2014-03-09 12:24 - 00001514 _____ () C:\Users\coldharbor1950\Documents\eBay Civil War.txt
2014-02-22 10:11 - 2014-02-22 10:11 - 00847856 _____ (Google Inc.) C:\Users\coldharbor1950\Downloads\ChromeSetup.exe
2014-02-21 18:52 - 2014-02-21 18:52 - 15530400 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup (1).exe
2014-02-20 18:51 - 2014-02-20 18:51 - 00001991 _____ () C:\Users\Public\Desktop\H&R Block 2013.lnk
2014-02-20 18:48 - 2014-03-15 13:29 - 00000000 ____D () C:\Program Files (x86)\HRBlock2013
2014-02-20 13:51 - 2014-02-20 13:52 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\2013 Taxes
2014-02-20 13:47 - 2014-02-20 13:49 - 03830677 _____ () C:\Users\coldharbor1950\Downloads\w2.zip

==================== One Month Modified Files and Folders =======

2014-03-22 20:33 - 2014-03-20 10:43 - 00020330 _____ () C:\Users\coldharbor1950\Desktop\FRST.txt
2014-03-22 20:33 - 2014-01-07 13:49 - 00000000 ____D () C:\FRST
2014-03-22 20:32 - 2014-03-22 20:31 - 00047232 _____ () C:\Users\coldharbor1950\Desktop\Addition.txt
2014-03-22 20:27 - 2014-03-22 20:27 - 02157056 _____ (Farbar) C:\Users\coldharbor1950\Desktop\FRST64.exe
2014-03-22 20:25 - 2014-03-18 14:01 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\0318 Comp Repair
2014-03-22 20:22 - 2014-03-19 14:24 - 00121102 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 20:21 - 2014-03-15 08:35 - 00108170 _____ () C:\Users\coldharbor1950\Downloads\OTL.Txt
2014-03-22 20:11 - 2012-11-02 22:25 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-22 20:06 - 2014-03-22 20:06 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Downloads\OTL.exe
2014-03-22 20:04 - 2012-12-28 23:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 18:57 - 2014-01-17 08:28 - 00047104 ___SH () C:\Users\coldharbor1950\Desktop\Thumbs.db
2014-03-22 18:54 - 2014-03-22 18:54 - 00987448 _____ () C:\Users\coldharbor1950\Desktop\SecurityCheck.exe
2014-03-22 16:05 - 2012-06-09 14:14 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{97A3A84A-CC66-4D5F-A3C7-2DF30115F961}
2014-03-22 15:19 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 15:19 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 15:19 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 15:14 - 2012-11-02 22:25 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-22 15:12 - 2014-03-22 15:12 - 00333712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 15:12 - 2014-03-22 15:12 - 00000056 _____ () C:\Windows\setupact.log
2014-03-22 15:12 - 2014-03-22 15:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-22 15:12 - 2014-01-05 19:57 - 00000000 ____D () C:\ProgramData\PDFC
2014-03-22 15:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 07:07 - 2012-12-19 20:08 - 00003240 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForcoldharbor1950
2014-03-22 07:07 - 2012-12-19 20:08 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForcoldharbor1950.job
2014-03-21 12:55 - 2014-03-21 12:55 - 00000446 _____ () C:\Users\coldharbor1950\Documents\0321 Response.txt
2014-03-21 07:53 - 2014-03-21 07:53 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-19 15:03 - 2014-03-19 15:03 - 00002217 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-19 15:03 - 2012-10-11 17:19 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\Google
2014-03-19 15:03 - 2012-10-11 17:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-19 14:31 - 2014-03-19 14:31 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-19 14:14 - 2014-03-19 14:14 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\coldharbor1950\Downloads\tdsskiller.exe
2014-03-19 14:11 - 2013-06-20 09:31 - 00000000 ____D () C:\Windows\pss
2014-03-19 13:56 - 2014-03-19 13:56 - 00407789 _____ () C:\Users\coldharbor1950\Downloads\TDSS.htm
2014-03-19 13:35 - 2014-03-19 13:35 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\coldharbor1950\Desktop\tdsskiller.exe
2014-03-19 11:32 - 2014-03-19 11:32 - 00053843 _____ () C:\Users\coldharbor1950\Documents\bookmarks_3_19_14.html
2014-03-19 11:27 - 2014-03-19 10:15 - 00424787 _____ () C:\Users\coldharbor1950\Downloads\avgremover.log
2014-03-19 10:16 - 2013-12-14 22:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-19 10:14 - 2014-03-19 10:14 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\coldharbor1950\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-03-18 20:37 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 20:33 - 2012-10-19 05:00 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 20:28 - 2014-03-18 20:28 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-18 17:23 - 2014-03-18 17:23 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-18 17:23 - 2013-03-06 09:13 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Local\Adobe
2014-03-18 17:23 - 2012-12-28 23:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-18 17:23 - 2012-10-24 21:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-18 17:23 - 2012-01-18 17:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-18 16:41 - 2014-03-16 11:40 - 00000977 _____ () C:\Users\coldharbor1950\Desktop\CCleaner.lnk
2014-03-18 16:38 - 2014-02-24 14:24 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-03-18 16:10 - 2012-10-15 23:53 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-18 16:07 - 2012-10-15 23:52 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-18 15:30 - 2012-10-11 17:17 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Local\Deployment
2014-03-18 15:29 - 2012-10-11 17:17 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\Apps\2.0
2014-03-18 15:26 - 2014-03-18 15:26 - 00000000 ____D () C:\ProgramData\Google
2014-03-18 15:26 - 2014-03-18 15:26 - 00000000 ____D () C:\Program Files\Google
2014-03-18 15:00 - 2014-03-18 14:53 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\RK_Quarantine
2014-03-18 14:50 - 2014-03-18 14:50 - 03901952 _____ () C:\Users\coldharbor1950\Desktop\RogueKiller.exe
2014-03-18 14:21 - 2014-03-18 14:21 - 01037734 _____ (Thisisu) C:\Users\coldharbor1950\Downloads\JRT.exe
2014-03-18 14:21 - 2014-03-18 14:21 - 00001157 _____ () C:\Users\coldharbor1950\Desktop\JRT - Shortcut.lnk
2014-03-18 14:15 - 2013-12-17 17:09 - 00000000 ____D () C:\AdwCleaner
2014-03-18 14:09 - 2014-03-18 14:09 - 01950720 _____ () C:\Users\coldharbor1950\Downloads\AdwCleaner.exe
2014-03-18 14:09 - 2014-03-18 14:09 - 00001230 _____ () C:\Users\coldharbor1950\Desktop\AdwCleaner - Shortcut.lnk
2014-03-18 13:55 - 2014-03-18 13:55 - 00000000 ____D () C:\_OTL
2014-03-18 12:51 - 2014-02-24 14:24 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-03-18 12:36 - 2014-03-18 12:36 - 00005633 _____ () C:\Users\coldharbor1950\Documents\CompFix 031814.txt
2014-03-18 12:17 - 2012-11-02 22:25 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-18 12:17 - 2012-11-02 22:25 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-18 10:42 - 2014-03-18 10:42 - 00156902 _____ () C:\Users\coldharbor1950\Downloads\OTL 0318 Safe Mode.txt
2014-03-18 10:21 - 2014-03-17 09:44 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-18 10:09 - 2014-01-01 13:25 - 00003182 _____ () C:\Windows\System32\Tasks\{F876F0D1-9074-4454-9507-B66E6F1F41E7}
2014-03-18 10:08 - 2013-10-10 06:57 - 00003242 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-387024861-1857405023-142887614-1000
2014-03-18 10:01 - 2014-03-18 10:01 - 00000382 _____ () C:\Users\coldharbor1950\Documents\cc_20140318_100102.reg
2014-03-18 08:41 - 2014-03-18 08:41 - 00160168 _____ () C:\Users\coldharbor1950\Downloads\OTL 0318.txt
2014-03-18 08:13 - 2014-03-18 08:13 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Downloads\OTL (1).com
2014-03-18 08:09 - 2014-03-18 08:09 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Desktop\OTL.com
2014-03-18 07:20 - 2013-12-31 14:06 - 00003356 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-387024861-1857405023-142887614-1000
2014-03-17 22:50 - 2013-05-30 14:32 - 00000000 ____D () C:\JRT
2014-03-17 18:51 - 2013-05-30 13:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-17 10:02 - 2013-05-30 13:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-17 09:59 - 2014-03-17 09:59 - 00001341 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-17 09:44 - 2014-03-17 09:44 - 00001041 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-03-17 09:44 - 2014-03-17 09:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-17 09:40 - 2014-03-17 09:40 - 04095448 _____ (BrightFort LLC ) C:\Users\coldharbor1950\Downloads\spywareblastersetup50.exe
2014-03-16 13:52 - 2014-03-16 13:52 - 00000968 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_135229.reg
2014-03-16 11:40 - 2014-03-16 11:40 - 00002790 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-16 11:40 - 2014-03-16 11:40 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-03-16 11:40 - 2014-03-16 11:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-16 08:07 - 2014-03-16 08:07 - 00006528 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_080703.reg
2014-03-16 08:06 - 2014-03-16 08:06 - 00052550 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_080611.reg
2014-03-16 03:25 - 2013-12-10 10:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 03:25 - 2013-12-10 10:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 19:15 - 2014-01-18 18:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-15 19:14 - 2014-03-15 19:15 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-15 19:14 - 2014-03-15 19:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-15 19:12 - 2014-03-15 19:12 - 00921000 _____ (Oracle Corporation) C:\Users\coldharbor1950\Downloads\chromeinstall-7u51 (2).exe
2014-03-15 15:56 - 2012-01-18 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-15 15:43 - 2012-10-22 10:25 - 00004248 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm
2014-03-15 15:43 - 2012-10-22 10:25 - 00003508 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2014-03-15 15:40 - 2014-03-15 15:40 - 14805000 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup-cnetc (1).exe
2014-03-15 14:38 - 2012-06-09 14:07 - 00000000 ____D () C:\Users\coldharbor1950
2014-03-15 14:35 - 2013-12-17 22:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-15 14:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-03-15 13:33 - 2014-03-15 09:17 - 00000000 ____D () C:\Users\coldharbor1950\Downloads\mbam-chameleon-1.62.1.1000
2014-03-15 13:33 - 2013-11-19 21:22 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-15 13:33 - 2013-02-08 17:21 - 00000000 ____D () C:\ProgramData\pdf995
2014-03-15 13:33 - 2012-12-07 10:45 - 00000000 ____D () C:\Program Files (x86)\Real
2014-03-15 13:33 - 2012-11-09 22:49 - 00000000 ____D () C:\ProgramData\IObit
2014-03-15 13:33 - 2012-10-12 15:52 - 00000000 ____D () C:\Windows\WindowsMobile
2014-03-15 13:33 - 2012-01-18 17:30 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-15 13:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-03-15 13:30 - 2014-02-14 21:56 - 00000000 ____D () C:\Program Files\Java
2014-03-15 13:30 - 2012-12-07 10:45 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\Real
2014-03-15 13:30 - 2012-12-07 10:43 - 00000000 ____D () C:\ProgramData\Real
2014-03-15 13:30 - 2012-10-30 03:03 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\Skype
2014-03-15 13:29 - 2014-02-20 18:48 - 00000000 ____D () C:\Program Files (x86)\HRBlock2013
2014-03-15 13:28 - 2014-02-19 20:20 - 00000000 ____D () C:\DrvInstall
2014-03-15 09:16 - 2014-03-15 09:16 - 01440846 _____ () C:\Users\coldharbor1950\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-03-15 08:36 - 2014-03-15 08:36 - 00071630 _____ () C:\Users\coldharbor1950\Downloads\Extras.Txt
2014-03-14 18:39 - 2012-10-20 18:10 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Local\CrashDumps
2014-03-14 13:30 - 2014-03-14 13:30 - 00003139 _____ () C:\Users\coldharbor1950\Documents\Google Redirect.txt
2014-03-13 21:25 - 2014-03-13 21:25 - 00020106 _____ () C:\Users\coldharbor1950\Documents\startup.txt
2014-03-13 19:31 - 2014-03-13 19:31 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\VS Revo Group
2014-03-13 14:21 - 2014-03-13 14:21 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-03-12 09:41 - 2014-03-12 09:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 09:41 - 2014-03-12 09:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-11 20:26 - 2014-03-10 10:53 - 00018052 _____ () C:\Users\coldharbor1950\Documents\eBay.odt
2014-03-09 19:26 - 2013-01-05 11:35 - 00000000 ___HD () C:\Users\coldharbor1950\Documents\HRBlock
2014-03-09 12:24 - 2014-02-22 12:18 - 00001514 _____ () C:\Users\coldharbor1950\Documents\eBay Civil War.txt
2014-03-01 01:05 - 2014-03-15 16:08 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:17 - 2014-03-15 16:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:16 - 2014-03-15 16:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 23:58 - 2014-03-15 16:09 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:52 - 2014-03-15 16:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 23:51 - 2014-03-15 16:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 23:42 - 2014-03-15 16:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 23:40 - 2014-03-15 16:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 23:37 - 2014-03-15 16:08 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 23:33 - 2014-03-15 16:08 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 23:33 - 2014-03-15 16:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 23:32 - 2014-03-15 16:08 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 23:30 - 2014-03-15 16:09 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 23:23 - 2014-03-15 16:08 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 23:17 - 2014-03-15 16:08 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:11 - 2014-03-15 16:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 23:02 - 2014-03-15 16:08 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 22:54 - 2014-03-15 16:08 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 22:52 - 2014-03-15 16:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 22:51 - 2014-03-15 16:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 22:47 - 2014-03-15 16:09 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 22:43 - 2014-03-15 16:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 22:43 - 2014-03-15 16:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 22:42 - 2014-03-15 16:08 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 22:40 - 2014-03-15 16:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 22:38 - 2014-03-15 16:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 22:37 - 2014-03-15 16:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 22:35 - 2014-03-15 16:08 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 22:18 - 2014-03-15 16:08 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:16 - 2014-03-15 16:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 22:14 - 2014-03-15 16:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 22:10 - 2014-03-15 16:08 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:03 - 2014-03-15 16:09 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 22:00 - 2014-03-15 16:08 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 21:57 - 2014-03-15 16:08 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 21:38 - 2014-03-15 16:08 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 21:32 - 2014-03-15 16:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 21:27 - 2014-03-15 16:09 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 21:25 - 2014-03-15 16:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 21:25 - 2014-03-15 16:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 15:27 - 2014-02-27 15:27 - 14827320 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup (2).exe
2014-02-25 21:25 - 2013-12-14 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-25 21:19 - 2014-02-25 21:16 - 78353784 _____ (AVG) C:\Users\coldharbor1950\Downloads\avg_tuh_stf_all_2014_295.exe
2014-02-24 14:24 - 2012-12-28 21:07 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\Downloaded Installations
2014-02-24 14:24 - 2012-11-19 20:03 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Roaming\hpqLog
2014-02-24 14:24 - 2012-11-19 20:03 - 00000000 ____D () C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-02-24 14:24 - 2012-06-10 14:41 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Roaming\HpUpdate
2014-02-24 14:04 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-02-24 14:00 - 2014-02-24 13:58 - 78353832 _____ (AVG) C:\Users\coldharbor1950\Downloads\avg_tuh_stf_all_2014_295_24c28.exe
2014-02-23 11:53 - 2011-02-11 12:15 - 00775546 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-22 10:11 - 2014-02-22 10:11 - 00847856 _____ (Google Inc.) C:\Users\coldharbor1950\Downloads\ChromeSetup.exe
2014-02-21 18:52 - 2014-02-21 18:52 - 15530400 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup (1).exe
2014-02-20 18:51 - 2014-02-20 18:51 - 00001991 _____ () C:\Users\Public\Desktop\H&R Block 2013.lnk
2014-02-20 18:51 - 2013-01-05 11:37 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\TaxCut
2014-02-20 18:46 - 2013-01-05 11:32 - 00000000 ____D () C:\ProgramData\TaxCut
2014-02-20 13:52 - 2014-02-20 13:51 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\2013 Taxes
2014-02-20 13:49 - 2014-02-20 13:47 - 03830677 _____ () C:\Users\coldharbor1950\Downloads\w2.zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 08:59

==================== End Of Log ============================

#32
krisinluck

Additions:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by coldharbor1950 at 2014-03-22 20:34:42
Running from C:\Users\coldharbor1950\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0512.1812.30806 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.5801 - HRB Technology, LLC.)
H&R Block Wisconsin 2012 (HKLM-x32\...\{A9EFBFB8-A314-4F9F-83B6-A0932C62728D}) (Version: 1.12.4201 - HRB Technology, LLC.)
H&R Block Wisconsin 2013 (HKLM-x32\...\{586C0B83-75B3-42FD-8D5B-B81CC6E7EFC9}) (Version: 1.13.4001 - HRB Technology, LLC.)
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Masque IGT Slots Wolf Run (HKLM-x32\...\{7C0BF6E9-7021-46E4-87B3-4C4587256A22}) (Version: 1.0.3 - Masque Publishing)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
PrintMaster 2012 Platinum (HKLM-x32\...\5354-7805-5584-7014) (Version: 4.0.0.200 - Encore Software Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7121 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoboForm 7-9-5-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-5-7 - Siber Systems)
Serif PagePlus Starter Edition (HKLM-x32\...\{C349396B-D599-4F49-890C-4B663739E2CA}) (Version: 3.0.0.3 - Serif (Europe) Ltd)
Serif PagePlus: Poster Template Pack 1 (HKLM-x32\...\{561989D6-1BEE-452D-83FE-6E8AB80F341A}) (Version: 1.0.1.042 - Serif (Europe) Ltd)
Serif PhotoPlus 8.0 (HKLM-x32\...\{0F6D55D8-89AA-4C1D-BC4C-ACBBDE8BE57A}) (Version: - )
Serif PhotoPlus Association File Formats (HKLM-x32\...\{F8650CB3-89F1-4AE0-81AC-917423C58DB8}) (Version: - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.6.0 - Nikon)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Restore Points =========================

15-03-2014 12:52:29 Windows Backup
15-03-2014 17:34:42 Restore Operation
15-03-2014 19:46:02 Windows Backup
15-03-2014 20:54:32 Windows Live Essentials
15-03-2014 20:55:17 WLSetup
18-03-2014 18:55:56 OTL Restore Point - 3/18/2014 1:55:53 PM
18-03-2014 21:08:15 avast! antivirus system restore point
18-03-2014 21:11:37 Removed AVG 2014
18-03-2014 21:13:11 Removed AVG 2014
18-03-2014 21:15:41 Removed AVG 2014
18-03-2014 21:39:14 Removed AVG PC TuneUp 2014
18-03-2014 21:40:53 Removed AVG PC TuneUp 2014 (en-US)
19-03-2014 01:33:15 Windows Update
22-03-2014 05:00:16 Windows Backup

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-01-01 15:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {12012487-4520-4ED5-9DF4-B893A8B156F6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-387024861-1857405023-142887614-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {2B3C8B51-8C6C-4C18-8F28-F424F85A6F2A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {353CE0D9-2049-49A9-853D-65D24B54AC28} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {4E152986-4C08-4E49-955F-DA8695D0F7CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {6914A14E-3ED5-43DD-B107-F7ED62A2AF7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-02] (Google Inc.)
Task: {70E896FE-5EF7-4047-A011-3108456F9C98} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {823643CA-D110-4171-BFB0-BB3401209CCA} - System32\Tasks\HP online update program => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {9050D9CF-7F72-47E0-9703-6B2F4C650959} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {9406294F-592E-4613-ABC6-B1E7046ADA2E} - System32\Tasks\HPCeeScheduleForcoldharbor1950 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {9E6397F1-769E-4BDC-8B47-CCC5D7550F29} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-387024861-1857405023-142887614-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {C15E4170-D91C-4ED5-A054-DF14FF27CD1A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18] (Adobe Systems Incorporated)
Task: {D9259BEB-EF06-4D5F-87DC-A7F267FA4F3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-02] (Google Inc.)
Task: {DB206196-E4D5-4B77-A005-D266E46D79D2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {DD41F7B0-05C7-47AE-9F1D-F64AC6991CCB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F1E2FB07-561F-4198-8D5D-99C62CB53C0C} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {FBD534DC-0905-406A-80A8-0FBCCD280648} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-03-15] (Siber Systems)
Task: {FC1E7333-3415-4F61-9946-999DB5A71851} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\HPCeeScheduleForcoldharbor1950.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-11-11 21:28 - 2012-09-12 16:33 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2013-02-08 17:21 - 2012-04-26 16:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2013-10-08 10:34 - 2013-10-08 10:34 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-06-08 16:57 - 2011-06-08 16:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2014-01-05 09:32 - 2011-12-07 19:31 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2014-01-05 09:32 - 2011-12-08 17:53 - 08364288 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2014-03-17 09:58 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-17 09:58 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-17 09:58 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-17 09:58 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-17 09:58 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-05 09:32 - 2011-10-25 15:54 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2014-01-05 09:32 - 2011-09-13 17:57 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45734023.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45734023.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\startupfolder: C:^Users^coldharbor1950^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: HP Deskjet 3050A J611 series (NET) => "c:\program files\hp\hp deskjet 3050a j611 series\bin\scantopcactivationapp.exe" -deviceid "cn29a6cp8s05pj:nw" -scfn "hp deskjet 3050a j611 series (net)" -autostart 1
MSCONFIG\startupreg: Windows Mobile-based device management => %WINDIR%\WindowsMobile\wmdcBase.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2014 08:32:43 PM) (Source: HPTouchSmartCalendar) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:29:43 PM) (Source: HPTouchSmartCalendar) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:26:43 PM) (Source: HPTouchSmartCalendar) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:23:42 PM) (Source: HPTouchSmartCalendar) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:20:42 PM) (Source: HPTouchSmartCalendar) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:17:42 PM) (Source: HPTouchSmartCalendar) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:14:42 PM) (Source: HPTouchSmartCalendar) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:11:42 PM) (Source: HPTouchSmartCalendar) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:08:42 PM) (Source: HPTouchSmartCalendar) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:05:42 PM) (Source: HPTouchSmartCalendar) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)


System errors:
=============
Error: (03/20/2014 10:36:27 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/20/2014 10:36:27 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/20/2014 10:36:27 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/20/2014 10:36:27 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/20/2014 10:36:27 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/20/2014 10:36:27 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/20/2014 10:36:27 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/20/2014 10:36:27 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/20/2014 10:36:25 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/20/2014 10:36:25 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/22/2014 08:35:43 PM) (Source: HPTouchSmartCalendar)(User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:32:43 PM) (Source: HPTouchSmartCalendar)(User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:29:43 PM) (Source: HPTouchSmartCalendar)(User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:26:43 PM) (Source: HPTouchSmartCalendar)(User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:23:42 PM) (Source: HPTouchSmartCalendar)(User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:20:42 PM) (Source: HPTouchSmartCalendar)(User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:17:42 PM) (Source: HPTouchSmartCalendar)(User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:14:42 PM) (Source: HPTouchSmartCalendar)(User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:11:42 PM) (Source: HPTouchSmartCalendar)(User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)

Error: (03/22/2014 08:08:42 PM) (Source: HPTouchSmartCalendar)(User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlDocument.Save(String filename)
at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider)


CodeIntegrity Errors:
===================================
Date: 2014-01-01 14:36:33.274
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-01 14:36:32.666
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3686.54 MB
Available physical RAM: 2171.43 MB
Total Pagefile: 7371.27 MB
Available Pagefile: 5719.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.07 GB) (Free:396.99 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.59 GB) (Free:2.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HR Block 2013) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5476193F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#33
Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Hi -
Let's try that OTL scan again, last one was not quite right.
I have a lot to look over, be back in the morning sometime.

Run OTL
Paste the following into the Custom Scans/Fixes box:

baseservices

Next click on the grey None button up on the top of the OTL window
Next click on the Blue Run Scan button also on the top

This scan should not take long, please post the resulting log.

#34
krisinluck

    Member

  • Topic Starter
  • Member
  • 116 posts
Requested Log from OTL:

OTL logfile created on: 3/22/2014 9:53:08 PM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\coldharbor1950\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 59.60% Memory free
7.20 Gb Paging File | 5.61 Gb Available in Paging File | 77.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.07 Gb Total Space | 396.69 Gb Free Space | 88.34% Space Free | Partition Type: NTFS
Drive D: | 16.59 Gb Total Space | 2.04 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 58.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ICELAND | User Name: coldharbor1950 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/01/18 16:39:52 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 22:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/01/18 16:42:59 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 22:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 22:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 22:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 22:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 22:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 22:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 22:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 22:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 22:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 22:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 22:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 22:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 22:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 22:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 22:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 22:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 22:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< End of report >

#35
krisinluck

    Member

  • Topic Starter
  • Member
  • 116 posts
More fun this morning with the computer. My Library is empty. I have photos ready to put in eBay listings today, and they are gone, along with all the other Library folders.

I don't think whatever is whipping on my computer (and my wallet) is very happy with the work we are doing.

Also dealing with another weird issue: I was reading an article and all of a sudden, the url changed and sent me to a full page ad for some video game. It wasn't a new place for me to read, but I got out asap.

Is it safe for me to download and install an antivirus program? Suggestion for the best free option???

Edited by krisinluck, 23 March 2014 - 07:39 AM.


#36
Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Hi there,
I am not seeing anything bad in the last few log files.
I would like to concentrate on getting you a working anti virus.

Libraries -
The library is just a collection of different areas on your drive.
Is the library screen completely blank, or are there the default folders in there?
If completely blank, then please try this method here

Not sure how they disappeared on your machine, do you know one of your photo's file name? Please do a search for a file, or a folder, that should be in your library.

Since you have already run Combofix in the past (I see traces of it on your system) let's run it again,
If you have the combofix icon on your desktop please delete it, and download a fresh copy -
Step 1
Please download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Step 2
Avast -
Something is weird there, so I would like you to uninstall Avast and reinstall.
Please only use Windows to uninstall, don't do it with ccleaner, or any other program.
  • Go to Control Panel, then Uninstall a Program.
  • Uninstall Avast - if it's not in the list then please continue on...
  • Next please download Avastclear from here and save it on your desktop
  • Reboot into Safe Mode - instructions here if needed
  • Right click on Avastclear.exe and select Run as Administrator
  • If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  • Click REMOVE
  • Restart your computer

Now download the Avast installer from here
Scroll down and download the Free version, you can always upgrade to the paid version later.
Before installing Avast, please disable Spybot, if you can't disable it, please uninstall it. You can re-install it later, but it's rather useless, and MalwareBytes Pro will protect you much better. Please consider leaving it uninstalled.
I would like you to also disable MalwareBytes at this time, you can restart its protection after Avast is installed.

Have you had any other AntiVirus programs on this computer in the past?

In your next reply I would like to see:
  • Combofix log
  • Did the steps in that article help with the libraries?
  • Avast status?


#37
krisinluck

    Member

  • Topic Starter
  • Member
  • 116 posts
Oh, that is a keeper! Everything is there again! Thank you!

Off to deal with the scans you gave me.

#38
krisinluck

    Member

  • Topic Starter
  • Member
  • 116 posts
When I started ComboFix, I went to take photos of the next batch of listings so I wouldn't be freaking out while it ran.

20 minutes later, I came in to check on it. It had completed Stage 48. That was 15 minutes ago. Nothing since.

Until I hear back from you on that issue, I am going to take care of Avast.

There is NO Avast on my system. No folder, no nothing.

When I rebooted after SafeMode, I was greeted with the following in the middle of my screen: "The Recycle Bin on C:\ is corrupted. Do you want to empty this drive?" When I tell it yes - even though it is empty already - it comes right back up.

Edited by krisinluck, 23 March 2014 - 10:36 AM.


#39
Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts

When I started ComboFix, I went to take photos of the next batch of listings so I wouldn't be freaking out while it ran.

20 minutes later, I came in to check on it. It had completed Stage 48. That was 15 minutes ago. Nothing since.


If the hard drive activity light is on or blinking, then CF is doing its job. It may take a while longer.

#40
krisinluck

    Member

  • Topic Starter
  • Member
  • 116 posts
Okay - I'll get ahead of the game on photos then.

Avast is installed and connected and working! Hooray!

#41
krisinluck

    Member

  • Topic Starter
  • Member
  • 116 posts
ComboFix.txt:

ComboFix 14-03-23.01 - coldharbor1950 03/23/2014 12:15:48.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.2230 [GMT -5:00]
Running from: c:\users\coldharbor1950\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2014-02-23 to 2014-03-23 )))))))))))))))))))))))))))))))
.
.
2014-03-23 17:34 . 2014-03-23 17:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-23 17:34 . 2014-03-23 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-23 16:48 . 2014-03-23 16:48 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-23 16:48 . 2014-03-23 16:48 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-23 16:48 . 2014-03-23 16:48 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-23 16:48 . 2014-03-23 16:48 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-23 16:48 . 2014-03-23 16:48 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-23 16:48 . 2014-03-23 16:48 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-23 16:48 . 2014-03-23 16:48 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-23 16:48 . 2014-03-23 16:48 43152 ----a-w- c:\windows\avastSS.scr
2014-03-23 16:48 . 2014-03-23 16:48 -------- d-----w- c:\program files\AVAST Software
2014-03-21 12:53 . 2014-03-21 12:53 -------- d-----w- c:\program files (x86)\ESET
2014-03-21 08:27 . 2014-03-17 15:16 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3AF460F-2079-4E34-A160-08D7B64D7375}\mpengine.dll
2014-03-19 19:31 . 2014-03-19 19:31 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-19 01:28 . 2014-03-19 01:28 -------- d-----w- c:\program files\McAfee Security Scan
2014-03-18 22:23 . 2014-03-18 22:23 -------- d-----w- c:\programdata\McAfee Security Scan
2014-03-18 20:26 . 2014-03-18 20:26 -------- d-----w- c:\program files\Google
2014-03-18 18:55 . 2014-03-18 18:55 -------- d-----w- C:\_OTL
2014-03-17 14:44 . 2014-03-17 14:44 -------- d-----w- c:\programdata\Licenses
2014-03-17 14:44 . 2009-03-24 17:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-03-17 14:44 . 2014-03-18 15:21 -------- d-----w- c:\program files (x86)\SpywareBlaster
2014-03-16 16:40 . 2014-03-16 16:40 -------- d-----w- c:\program files\CCleaner
2014-03-16 00:15 . 2014-03-16 00:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-03-16 00:14 . 2014-03-16 00:14 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-16 00:14 . 2014-03-16 00:14 -------- d-----w- c:\program files (x86)\Java
2014-03-15 21:08 . 2014-03-01 22:02 808152 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2014-03-15 21:06 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-15 21:06 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-15 21:05 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-15 21:05 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-14 00:31 . 2014-03-14 00:31 -------- d-----w- c:\users\coldharbor1950\AppData\Local\VS Revo Group
2014-03-13 19:21 . 2014-03-13 19:21 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2014-03-12 14:41 . 2014-03-12 14:41 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2014-02-24 19:25 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-24 19:25 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-24 19:25 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-24 19:25 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-23 16:50 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-23 16:50 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-23 16:50 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-23 16:50 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-23 16:48 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-23 16:48 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-23 16:48 . 2012-10-16 04:53 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-19 01:33 . 2012-10-19 10:00 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-18 22:23 . 2012-10-25 02:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-18 22:23 . 2012-01-18 22:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 01:20 . 2014-02-20 01:20 3791320 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-02-20 01:20 . 2014-02-20 01:20 2782936 ----a-w- c:\windows\system32\RtkAPO64.dll
2014-02-20 01:20 . 2014-02-20 01:20 43720192 ----a-w- c:\windows\system32\RCoRes64.dat
2014-02-20 01:20 . 2014-02-20 01:20 154840 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-02-15 03:09 . 2014-02-15 03:09 1958616 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-01-05 02:13 . 2014-01-05 02:13 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2014-01-05 02:13 . 2014-01-05 02:13 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2014-01-05 02:13 . 2014-01-05 02:13 2810072 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-01-05 02:13 . 2014-01-05 02:13 1021656 ----a-w- c:\windows\system32\RtkApi64.dll
2014-01-05 02:13 . 2014-01-05 02:13 618200 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-01-05 02:13 . 2014-01-05 02:13 1286872 ----a-w- c:\windows\system32\RTCOM64.dll
2014-01-05 02:12 . 2014-01-05 02:12 2743328 ----a-w- c:\windows\system32\FMAPO64.dll
2014-01-05 02:12 . 2014-01-05 02:12 209096 ----a-w- c:\windows\system32\AERTAC64.dll
2014-01-05 02:12 . 2014-01-05 02:12 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-01-05 02:12 . 2014-01-05 02:12 108640 ----a-w- c:\windows\system32\AERTAR64.dll
2014-01-05 02:02 . 2014-01-05 02:02 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-01-05 02:02 . 2014-01-05 02:02 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-01-05 02:02 . 2014-01-05 02:02 99840 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-01-05 02:02 . 2014-01-05 02:02 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-01-05 02:02 . 2014-01-05 02:02 230912 ----a-w- c:\windows\system32\clinfo.exe
2014-01-05 02:02 . 2014-01-05 02:02 129536 ----a-w- c:\windows\system32\coinst_13.251.dll
2014-01-05 02:02 . 2014-01-05 02:02 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-01-05 02:02 . 2014-01-05 02:02 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-01-05 02:02 . 2012-01-18 21:49 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-01-05 02:02 . 2014-01-05 02:02 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-01-05 02:02 . 2014-01-05 02:02 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2014-01-05 02:02 . 2014-01-05 02:02 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2014-01-05 02:02 . 2014-01-05 02:02 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-01-05 02:02 . 2014-01-05 02:02 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-01-05 02:02 . 2014-01-05 02:02 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2014-01-05 02:02 . 2014-01-05 02:02 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-01-05 02:02 . 2014-01-05 02:02 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-01-05 02:02 . 2014-01-05 02:02 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-01-05 02:02 . 2014-01-05 02:02 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-01-05 02:02 . 2014-01-05 02:02 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2014-01-05 02:02 . 2014-01-05 02:02 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-01-05 02:02 . 2014-01-05 02:02 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-01-05 02:02 . 2014-01-05 02:02 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-01-05 02:02 . 2014-01-05 02:02 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-01-05 02:02 . 2014-01-05 02:02 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-01-05 02:02 . 2014-01-05 02:02 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-01-05 02:02 . 2014-01-05 02:02 26352128 ----a-w- c:\windows\system32\atio6axx.dll
2014-01-05 02:02 . 2014-01-05 02:02 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-01-05 02:02 . 2014-01-05 02:02 100352 ----a-w- c:\windows\system32\atig6txx.dll
2014-01-05 02:02 . 2014-01-05 02:02 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-01-05 02:02 . 2013-10-08 12:53 588288 ----a-w- c:\windows\system32\atieclxx.exe
2014-01-05 02:02 . 2013-10-08 12:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-01-05 02:02 . 2012-01-18 21:49 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2014-01-05 02:02 . 2014-01-05 02:02 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-01-05 02:02 . 2014-01-05 02:02 63488 ----a-w- c:\windows\system32\OpenCL.dll
2014-01-05 02:02 . 2014-01-05 02:02 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-01-05 02:02 . 2014-01-05 02:02 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-01-05 02:02 . 2014-01-05 02:02 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-01-05 02:02 . 2014-01-05 02:02 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-01-05 02:02 . 2014-01-05 02:02 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-01-05 02:02 . 2014-01-05 02:02 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-01-05 02:02 . 2014-01-05 02:02 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-01-05 02:02 . 2014-01-05 02:02 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2014-01-05 02:02 . 2014-01-05 02:02 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-01-05 02:02 . 2014-01-05 02:02 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-01-05 02:02 . 2014-01-05 02:02 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-01-05 02:02 . 2013-10-08 12:28 1144320 ----a-w- c:\windows\system32\atiadlxx.dll
2014-01-05 02:02 . 2012-01-18 21:49 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2014-01-05 02:02 . 2014-01-05 02:02 29382144 ----a-w- c:\windows\system32\amdocl64.dll
2014-01-05 02:02 . 2014-01-05 02:02 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-03-15 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-23 3854640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Genie.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2014-1-5 8364288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-19 20:02 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 22:23]
.
2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03 03:25]
.
2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03 03:25]
.
2014-01-04 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2014-03-22 c:\windows\Tasks\HPCeeScheduleForcoldharbor1950.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-23 16:48 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-02-20 13662936]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-45734023.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
.
**************************************************************************
.
Completion time: 2014-03-23 12:48:09 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-23 17:48
.
Pre-Run: 426,123,304,960 bytes free
Post-Run: 426,956,378,112 bytes free
.
- - End Of File - - 7D83F9C4539274BFF46EF91118DA8760
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#42
krisinluck

    Member

  • Topic Starter
  • 116 posts
Well, Google has started up the same mess it was in the first place. I'm on Firefox now, since Internet Explorer is running so slowly pages time out. So far, Firefox is doing great. Maybe I can get some work done on Firefox?

I got rid of SpyBot through the Control Panel. After the reboot - the problem was back. I have no clue what is going on with this machine.
  • 0

#43
krisinluck

    Member

  • Topic Starter
  • 116 posts

After using Firefox and Chrome this morning, the system rebooted to an almost blank screen. I had to use System Restore from the Avast scan I did last night.

Something is very wrong here.


  • 0

#44
Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts

Hi,
Seems like one step forward and one back....

I don't believe that this is any malware causing your issues at this point.
I may send you into the Windows forum if I can't find the answer to your problem.

Having said that, let's try this program out, I swear by it...

Download Windows Repair (all in one) from this site. Install the programme, then right click on the icon and select Run as administrator.

At the welcome screen, you will see a bunch of tabs - click on Step 2: Optional

In this tab please click on the Check button - if it finds any errors, click on the Do It button next.

This will cause your system to restart, and will run chkdsk, which could take anywhere from 20 mins to a few hours, so do this when you have time to let it run.

After this is finished, restart the program (right click icon - run as administrator) and go to Step 3: Optional
Click on the Do It button.
This will run a Windows utility called System File Check, which looks for modified or corrupted system files, and fixes them.
Reboot your computer after this runs.

Next, restart the program again (right click icon - run as administrator) and go to Step 4 tab
Please click on the Create button under System Restore and then the Backup button under Registry Backup.

After the backup completes, click on the Next button, then click on the Start button (in the program, not the Windows start button)

Now in this screen I would like you to please uncheck all boxes and then check the following boxes:

  • 01
  • 03
  • 04
  • 06
  • 07
  • 09
  • 11
  • 20
  • 22
  • 25
  • 26

Then click on the Start button (in the program)

Reboot after this runs

Use the computer for a little while and let me know if it's better at all.


Edited by Crowbar, 24 March 2014 - 11:13 AM.
typo

  • 0

#45
krisinluck

    Member

  • Topic Starter
  • 116 posts

Just getting home now - off to give it a try.  Will report back as soon as possible.


  • 0





