Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Search Scopes


  • Please log in to reply

#61
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts

Hi,

Serif Photo Plus did this to me???? I am not amused.

Actually I was focusing on a toolbar that serif photo plus installed, made by a company named conduit.
Here is a discussion on the Serif user forum
They say that the program can be installed without the toolbar, probably a box to uncheck during the install process.
Is the serif photo program now uninstalled?

That conduit toobar was hooked into chrome, and chrome is kind of cranky when extensions are removed outside of using chrome to remove them.
Let's try that same fix on chrome as before.

I know that Gimp is a free open source photo editor look at it here
 

I think I have to uninstall Malware Bytes. It sat at Creating Restore Point Do Not Interupt for a half hour, then I got a notice at the top it was not responding.

Sometimes MBAM will interfere with an OTL fix, usually disabling the protection for the fix does the trick.

A fresh OTL scan might show us what is going on with your startup and that missing spybot file. Was that a normal uninstall, using the control panel?

Step 1
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 2
Repeating my instruction for chrome....

  • Please close all instances of Chrome before you do this...
  • Please copy the text below:
    %localappdata%\Google\Chrome\User Data\
  • Click on the Start Orb
  • Paste the copied text into the search box and press enter
  • A folder will open up - scroll down in there to find the folder called Default
  • please right click on that folder and select Rename - call it Default-old2
  • Now open up Chrome, sign in and tell me what happens.

In your next reply I would like to see:

  • OTL log - there won't be an extras.txt file

  • 0

Advertisements


#62
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
I didn't uninstall the photo software yet.  If the software is okay, I'd like to continue to use it.  I've used it for so long and I'm old enough learning a new program after so long would be a pain.  I can do it if I have to.  Your call.
 
I did disable MBAM - and then it froze up.  I followed the instructions given in your post and uninstalled to run the OTL fix.  I re-installed MBAM as soon as I could and scanned immediately.  It was clean..  One concern there:  I asked for the basic free, and ended up with a Premium trial.  Not happy with that, but it's giving me extra protection for a few days.
 
I got rid of SpyBot the right way - went to control panel and uninstalled from there.  That's why I was so surprised it is doing that.
 
I am still getting the highlighted phrases and ads on Chrome.  
 
Changing the default per your directions above made no difference.  Still one extra window when opening Chrome with the note that my preferences cannot be loaded, and having to enable RoboForm.  I think yesterday was either an anomaly or running ADW made the difference, since it was right after I ran ADW that it opened correctly.
 
OTL Log:
 

OTL logfile created on: 3/28/2014 8:05:41 AM - Run 10
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\coldharbor1950\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.60 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 61.79% Memory free
7.20 Gb Paging File | 5.72 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.07 Gb Total Space | 397.70 Gb Free Space | 88.56% Space Free | Partition Type: NTFS
Drive D: | 16.59 Gb Total Space | 2.04 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 58.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: ICELAND | User Name: coldharbor1950 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/28 07:33:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.exe
PRC - [2014/03/27 18:45:45 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
PRC - [2014/03/15 15:41:07 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2014/03/05 09:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/03/05 09:24:46 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/03/05 09:24:40 | 007,430,968 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/02/13 05:06:20 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/12/08 17:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2011/12/07 19:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2011/08/16 17:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 17:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 12:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/27 18:45:45 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MOD - [2014/02/24 16:09:09 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/02/24 16:08:56 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/24 16:05:59 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9b7a5ab89ab75ec85de0cedebfde4c5f\ReachFramework.ni.dll
MOD - [2014/02/24 14:26:03 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/24 14:25:31 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/24 14:25:29 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/24 14:25:23 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/24 14:25:21 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/24 14:25:16 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/24 14:24:52 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/24 14:24:30 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/24 14:24:21 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/24 14:24:01 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/24 14:23:57 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/24 14:23:27 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2011/12/08 17:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2011/09/13 17:57:20 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/19 20:20:34 | 000,290,520 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2014/01/04 21:02:05 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/10/08 10:34:38 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/03/27 18:45:45 | 000,285,795 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -- (HOSTS Anti-PUPs)
SRV - [2014/03/24 19:01:41 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/15 03:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/05 09:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/05 09:24:46 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/12/07 19:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2011/09/09 20:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/16 17:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 12:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 19:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 19:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/28 07:20:18 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/03/05 09:26:18 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/03/05 09:26:04 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/01/04 21:02:05 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/01/04 21:02:05 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/12/17 20:11:58 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/31 19:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 19:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/11/09 23:00:39 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/09 23:00:39 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/11/09 23:00:39 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 16:49:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/18 16:49:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/23 10:53:10 | 000,104,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 11:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/16 04:41:55 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{4F1149B4-DD36-468D-A3A7-B9D541595DEF}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{71DB2072-787A-4596-A0E5-2E1030999197}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{BFEA6F40-07F2-4574-AA8F-7735F594B606}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/12/14 21:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Extensions
[2014/03/27 15:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\extensions
[2014/03/23 18:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\Profiles\6uaxzxqg.default\extensions
[2014/03/25 08:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\Profiles\ayimdl5u.default\extensions
[2014/02/15 08:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\Profiles\d9ahv30v.default\extensions
[2014/03/25 07:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/25 07:54:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_0\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_0\
CHR - Extension: avast! Online Security = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcpepjfelggimoebenbhbffgehlhjjib\9.0.2016.82_0\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_0\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_0\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_0\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: RoboForm = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_0\
 
O1 HOSTS File: ([2014/03/27 20:49:36 | 000,078,607 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2010-fr.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2012-new.biz # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 212link.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 24h00business.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.adorika.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ad.adn360.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adeartss.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adm.soft365.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.aff.co # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.egdating.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
O1 - Hosts: 1319 more lines...
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8:64bit: - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C336497-8C6C-437A-A03B-AB203EB0C7AC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/15 05:14:16 | 000,000,082 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/28 07:33:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.exe
[2014/03/27 21:51:54 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Local\ElevatedDiagnostics
[2014/03/27 16:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/03/27 16:55:00 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/27 16:54:59 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/03/27 16:54:59 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/27 16:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/03/27 15:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/03/27 15:59:20 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/27 15:01:49 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\mbar
[2014/03/27 08:46:06 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\0327 Comp Logs
[2014/03/27 08:22:03 | 001,038,974 | ---- | C] (Thisisu) -- C:\Users\coldharbor1950\Desktop\JRT.exe
[2014/03/25 08:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/25 08:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/03/25 07:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/03/24 23:04:08 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/24 22:57:11 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/03/24 18:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/24 16:21:43 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\Windows Repair (All in One)
[2014/03/24 16:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/03/24 16:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/03/23 11:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/03/23 11:23:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/23 10:27:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/03/23 10:27:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/03/23 10:27:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/03/23 10:27:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/03/23 10:20:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/23 10:10:26 | 005,190,773 | R--- | C] (Swearware) -- C:\Users\coldharbor1950\Desktop\ComboFix.exe
[2014/03/22 20:27:32 | 002,157,056 | ---- | C] (Farbar) -- C:\Users\coldharbor1950\Desktop\FRST64.exe
[2014/03/21 07:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/03/19 15:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/03/19 14:31:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/03/19 13:35:12 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\coldharbor1950\Desktop\tdsskiller.exe
[2014/03/18 15:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/03/18 15:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/03/18 14:53:17 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\RK_Quarantine
[2014/03/18 14:01:26 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\0318 Comp Repair
[2014/03/18 13:55:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/18 08:09:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.com
[2014/03/17 09:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/03/17 09:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/03/17 09:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2014/03/13 19:31:01 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Local\VS Revo Group
[2014/03/13 14:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/28 08:11:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/28 08:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/28 07:33:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.exe
[2014/03/28 07:20:18 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/28 04:11:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/27 22:09:26 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 22:09:26 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 20:54:26 | 000,783,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/27 20:54:26 | 000,651,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/27 20:54:26 | 000,118,604 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/27 20:49:36 | 000,078,607 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/03/27 20:49:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/27 18:45:45 | 000,001,143 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2014/03/27 16:55:06 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/27 08:40:22 | 000,333,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/27 08:22:20 | 001,038,974 | ---- | M] (Thisisu) -- C:\Users\coldharbor1950\Desktop\JRT.exe
[2014/03/27 08:19:11 | 001,950,720 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\AdwCleaner.exe
[2014/03/26 18:18:51 | 000,110,288 | ---- | M] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_26_14.html
[2014/03/25 07:55:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/24 23:25:10 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/24 23:14:35 | 000,783,424 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/24 22:58:32 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ICELAND-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/24 16:21:48 | 000,002,121 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/03/23 17:22:10 | 000,111,056 | ---- | M] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_23_14.html
[2014/03/23 10:10:47 | 005,190,773 | R--- | M] (Swearware) -- C:\Users\coldharbor1950\Desktop\ComboFix.exe
[2014/03/22 20:27:40 | 002,157,056 | ---- | M] (Farbar) -- C:\Users\coldharbor1950\Desktop\FRST64.exe
[2014/03/22 18:54:52 | 000,987,448 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\SecurityCheck.exe
[2014/03/22 07:07:05 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcoldharbor1950.job
[2014/03/19 17:34:48 | 000,002,241 | ---- | M] () -- C:\Users\coldharbor1950\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/19 15:03:16 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/19 13:35:30 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\coldharbor1950\Desktop\tdsskiller.exe
[2014/03/19 11:32:31 | 000,053,843 | ---- | M] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_19_14.html
[2014/03/18 20:28:10 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/03/18 14:50:53 | 003,901,952 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\RogueKiller.exe
[2014/03/18 08:09:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.com
[2014/03/11 20:26:38 | 000,018,052 | ---- | M] () -- C:\Users\coldharbor1950\Documents\eBay.odt
[2014/03/05 09:26:18 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/03/05 09:26:08 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/05 09:26:04 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2014/03/27 18:45:45 | 000,001,143 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2014/03/27 16:55:06 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/27 08:40:14 | 000,333,712 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/27 08:19:07 | 001,950,720 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\AdwCleaner.exe
[2014/03/26 18:18:50 | 000,110,288 | ---- | C] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_26_14.html
[2014/03/25 07:55:02 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/03/25 07:55:02 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/24 22:58:32 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ICELAND-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/24 18:30:00 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/03/24 16:21:48 | 000,002,121 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/03/23 17:22:10 | 000,111,056 | ---- | C] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_23_14.html
[2014/03/23 10:27:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/23 10:27:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/23 10:27:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/23 10:27:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/23 10:27:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/22 18:54:41 | 000,987,448 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\SecurityCheck.exe
[2014/03/19 15:03:16 | 000,002,241 | ---- | C] () -- C:\Users\coldharbor1950\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/19 15:03:16 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/19 11:32:30 | 000,053,843 | ---- | C] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_19_14.html
[2014/03/18 14:50:53 | 003,901,952 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\RogueKiller.exe
[2014/03/10 10:53:13 | 000,018,052 | ---- | C] () -- C:\Users\coldharbor1950\Documents\eBay.odt
[2014/03/10 10:08:00 | 000,011,070 | ---- | C] () -- C:\Users\coldharbor1950\Documents\untitled_1.odt
[2014/01/05 09:32:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2014/01/04 21:02:07 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014/01/04 21:02:07 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/10/25 21:53:36 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2013/10/08 10:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/10/08 08:36:07 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/08 08:36:07 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/08/21 22:22:33 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/05/11 11:59:30 | 000,078,697 | -H-- | C] () -- C:\Users\coldharbor1950\Bottom Contact.jpg
[2013/02/08 17:21:10 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2013/02/08 17:21:07 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2013/01/17 23:52:39 | 000,002,147 | -H-- | C] () -- C:\Users\coldharbor1950\PrintMaster-2012-Platinum.prefs
[2012/12/28 21:08:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Gems
[2012/12/28 21:08:52 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Fruit
[2012/12/28 21:07:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Generic
[2012/12/28 21:07:44 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Funk Animals
[2012/12/28 21:07:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Galaxy Swirl
[2012/12/28 21:07:43 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Frameworks
[2012/12/28 21:07:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hip Hop
[2012/12/28 21:07:08 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\HAL
[2012/11/25 16:08:40 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/10/21 08:08:26 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\AVAST Software
[2012/10/19 20:28:23 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\com.masque.slots.IGTSlotsLilLady
[2012/11/25 22:48:36 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Encore
[2013/12/18 10:53:43 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\IObit
[2013/12/15 09:58:43 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Masque
[2013/12/15 09:51:50 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\OpenOffice
[2013/12/15 09:51:49 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\OpenOffice.org
[2013/10/17 09:40:59 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Oracle
[2013/12/15 09:58:46 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\pdf995
[2013/07/13 08:07:21 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\RoboForm
[2013/12/15 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Scribus
[2013/12/15 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\SmartDraw
[2014/01/02 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\SoftGrid Client
[2012/12/05 13:24:50 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Stardock
[2014/02/20 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TaxCut
[2012/11/07 10:15:21 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TP
[2013/12/30 00:33:06 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TuneUp Software
[2012/10/23 22:16:14 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\WildTangent
[2012/10/11 17:51:54 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >
 

  • 0

#63
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

Since ADW worked well on Chrome yesterday, I ran it again.  The only removal is highlighted below - and it's been removed repeatedly through this process.  I got curious and checked it out through the channels provided by Microsoft from the start button.  When I looked at it prior to running ADW a bit ago, it was there and inside the file there was something called 2_0.  No idea what that may be, but the number given in the code for it was exactly what the bolded line below was.

 

Since I ran the Cleaner and rebooted, it is not there now.  And Chrome opened correctly.  Unfortunately, I suspect that it will return after I close the browser.  That's been the case each time.

 

It seems odd to me that the exact same thing turns up on ADW each time.  Renaming my Default isn't doing anything.  Maybe whatever the problem is comes from this little nasty?

 

# AdwCleaner v3.022 - Report created 14/03/2014 at 08:01:31
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : coldharbor1950 - ICELAND
# Running from : C:\Users\coldharbor1950\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v35.0.1883.0
 
[ File : C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [13992 octets] - [17/12/2013 17:09:56]
AdwCleaner[R10].txt - [2087 octets] - [14/03/2014 07:59:36]
AdwCleaner[R1].txt - [5843 octets] - [17/12/2013 19:50:12]
AdwCleaner[R2].txt - [1055 octets] - [01/01/2014 12:50:49]
AdwCleaner[R3].txt - [1176 octets] - [02/01/2014 14:12:17]
AdwCleaner[R4].txt - [1301 octets] - [06/01/2014 18:12:19]
AdwCleaner[R5].txt - [1360 octets] - [07/01/2014 10:30:26]
AdwCleaner[R6].txt - [1995 octets] - [12/03/2014 16:06:05]
AdwCleaner[R7].txt - [2800 octets] - [13/03/2014 14:12:46]
AdwCleaner[R8].txt - [1846 octets] - [13/03/2014 18:31:25]
AdwCleaner[R9].txt - [1966 octets] - [14/03/2014 07:43:48]
AdwCleaner[S0].txt - [13610 octets] - [17/12/2013 17:16:35]
AdwCleaner[S1].txt - [5774 octets] - [17/12/2013 19:57:16]
AdwCleaner[S2].txt - [1117 octets] - [01/01/2014 12:53:14]
AdwCleaner[S3].txt - [1367 octets] - [06/01/2014 18:14:20]
AdwCleaner[S4].txt - [1422 octets] - [07/01/2014 10:39:49]
AdwCleaner[S5].txt - [2021 octets] - [12/03/2014 16:13:52]
AdwCleaner[S6].txt - [2719 octets] - [13/03/2014 14:15:33]
AdwCleaner[S7].txt - [1909 octets] - [13/03/2014 18:34:08]
AdwCleaner[S8].txt - [2029 octets] - [14/03/2014 07:45:52]
AdwCleaner[S9].txt - [2010 octets] - [14/03/2014 08:01:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [2070 octets] ##########
# AdwCleaner v3.022 - Report created 28/03/2014 at 10:31:58
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : coldharbor1950 - ICELAND
# Running from : C:\Users\coldharbor1950\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\coldharbor1950\AppData\Roaming\Mozilla\Firefox\Profiles\ayimdl5u.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [13992 octets] - [17/12/2013 17:09:56]
AdwCleaner[R10].txt - [4356 octets] - [14/03/2014 07:59:36]
AdwCleaner[R1].txt - [5843 octets] - [17/12/2013 19:50:12]
AdwCleaner[R2].txt - [1055 octets] - [01/01/2014 12:50:49]
AdwCleaner[R3].txt - [1176 octets] - [02/01/2014 14:12:17]
AdwCleaner[R4].txt - [1301 octets] - [06/01/2014 18:12:19]
AdwCleaner[R5].txt - [1360 octets] - [07/01/2014 10:30:26]
AdwCleaner[R6].txt - [4227 octets] - [12/03/2014 16:06:05]
AdwCleaner[R7].txt - [5066 octets] - [13/03/2014 14:12:46]
AdwCleaner[R8].txt - [4112 octets] - [13/03/2014 18:31:25]
AdwCleaner[R9].txt - [4302 octets] - [14/03/2014 07:43:48]
AdwCleaner[S0].txt - [13610 octets] - [17/12/2013 17:16:35]
AdwCleaner[S1].txt - [5774 octets] - [17/12/2013 19:57:16]
AdwCleaner[S2].txt - [1117 octets] - [01/01/2014 12:53:14]
AdwCleaner[S3].txt - [1367 octets] - [06/01/2014 18:14:20]
AdwCleaner[S4].txt - [1422 octets] - [07/01/2014 10:39:49]
AdwCleaner[S5].txt - [4207 octets] - [12/03/2014 16:13:52]
AdwCleaner[S6].txt - [4988 octets] - [13/03/2014 14:15:33]
AdwCleaner[S7].txt - [4178 octets] - [13/03/2014 18:34:08]
AdwCleaner[S8].txt - [4368 octets] - [14/03/2014 07:45:52]
AdwCleaner[S9].txt - [4281 octets] - [14/03/2014 08:01:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [4341 octets] ##########

Edited by krisinluck, 28 March 2014 - 09:55 AM.

  • 0

#64
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts

As far as I can tell, that chrome extension is for a game called bejeweled.

From your first OTL log:

CHR - Extension: Bejeweled = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\


Seems legit, but Chrome does not really like having extensions removed in this manner, sometimes it's necessary.
Can you go into the chrome menu and look for that extension? If you see it, remove it.

Did you ever install this game in chrome?







 


  • 0

#65
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

Yes, I did install it about three years ago.  I haven't played it for at least two years now.  Of course, Chrome carries everything forever - it doesn't just get on your system.  It's in your Chrome files. 

 

I did remove it manually.  And so far, Google is behaving well, if a bit slow.  (It's been sluggish almost all month.)  I have closed Google and reopened fine with only the Chrome window..  Also have rebooted and opened Chrome - opened perfectly.  Whether it lasts or not remains to be seen.  

 

Edit to add that since ADW was removing it each time, and it was coming back, removing it manually appears to me to be the only option to clean things up here.


Edited by krisinluck, 29 March 2014 - 09:27 AM.

  • 0

#66
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts

Use chrome for a while, maybe restart your computer a few times, and see if chrome becomes stable.  If so, we can clean up that mess of tools I put on there.


  • 0

#67
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Okay.  I've been on a lot today - editing photos, playing some games, doing some work.  I have rebooted twice.  The only issues I have now are:
  • Google is again opening just one extra window with the cannot install preferences thing.  Once I close that, it loads just fine.  
  • The computer lags sometimes.  It's happened in eBay, on Facebook, and when editing my photos.  A reboot makes it better.  It never used to do that.
  • When playing games, they tend to flicker and/or move really slow at times.  Videos do not seem to be a problem.

Unless you have ideas on the issues that are still cropping up, let's clean it up and you can move on to other people with issues on their computers.  I am so grateful for your help with this.  I'd make you any kind of cookies you want in exchange for your help - and patience - with a middle aged me.  I learned a lot, too, which is not a bad thing at all.


  • 0

#68
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Hello,
I think you might want to post in the Web Browsers and Email forum
I bet you can find some good Chrome wisdom in there!

Sorry that I could not fix every problem you had, but we did get rid of some malware hiding in your system!

Cookies? I kind of prefer oatmeal rasin, but really, are there any bad cookies? :D
Since you can't post cookies here, you can always make some and give them to someone you know that's feeling a little down.

I am especially glad that you learned some stuff, that's part of our mission here. We would prefer not to see you back in the Malware Removal Forum anytime soon.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:


We need to remove the tools we've used during cleaning your machine
First we need to uninstall Combofix, as it's updated constantly and an old version does not do anyone any good:
Uninstall ComboFix
  • Press the Windows key and R on the keyboard, this opens the Run box
  • In the run box, please type Combofix /Uninstall (Notice the space between the "x" and "/") then click OK

    CF_Uninstall-1.jpg
  • Follow the instructions on the screen
  • A message should appear confirming that ComboFix was uninstalled
Next we remove the rest of the tools:
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
If there are any other files left on your desktop, you can now right click them and select Delete

javaicon.gif
Do you use Java If you do not use it, you are better off uninstalling it completely. Go to your Control Panel, Uninstall a Program, then find any instance of Java in the list and click on Uninstall - do this until there are no instances of Java in the list. If you do use Java....
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version
SPRING CLEAN


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent
Please intstall this program to ensure that the crypto ransomware malware does not take hold of your system.
CryptoPrevent.JPG


mbamicontw5.gif
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programs on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visitTo learn more about how to protect yourself while on the internet read these two articles:
How did I get infected in the first place ?
So how did I get infectd in the first place

Keep safe :wave:
  • 0

#69
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

We have new people moving in across the street.  I suspect the big move is tomorrow.  I'm making cookies to send over there.  Five houses on this block of this little village, and the neighbors tend to be very standoffish.  So I'm going to be nice and do that for them - and that will cover the cookie thing.   :yes:

 

ComboFix is uninstalled.

 

DelFix is run.

 

CryptoPrevent is installed.  (And I laughed at the name when I saw the website!  I'm old, but after years of working in bars and restaurants, I'm no prude.  My daughter laughed too!)

 

MalwareBytes has been installed since before this started the last time.  I keep it updated.  

 

Sadly, I do use Java every day.  The most recent update is crap, though.  Hopefully they will fix the bugs in it.

 

Will check in tomorrow morning and let you know how things are running.  Again, incredibly grateful for your patience and your help with this!  I'm going to go get some work done now!  


  • 0

#70
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

Other than the extra window with the cannot load preferences issue, things seem to be running beautifully.  I will post in the browser forum about that issue.

 

Thank you more than words on a screen can convey.  


  • 0

Advertisements


#71
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts

Hi -

 

CryptoPrevent is installed.  (And I laughed at the name when I saw the website!  I'm old, but after years of working in bars and restaurants, I'm no prude.  My daughter laughed too!)

I giggle every time I see that as well :lol:

 

We have new people moving in across the street.  I suspect the big move is tomorrow.  I'm making cookies to send over there.  Five houses on this block of this little village, and the neighbors tend to be very standoffish.  So I'm going to be nice and do that for them - and that will cover the cookie thing.

 

That is great!  Although, I kind of want some cookies now..... :)
 

 

Thank you more than words on a screen can convey.

 

It's been my pleasure working with you, I am so glad that you and your computer are happy once again :happy:


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP