Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Search Scopes

Started by krisinluck , Mar 18 2014 07:58 AM

Please log in to reply

#1
krisinluck

Posted 18 March 2014 - 07:58 AM

Member

Member
116 posts

This started up again about 9 days ago. At first, it was just lag when Chrome opened. Then my Java stopped working. And it's gone downhill from there.

Chrome won't work at all now - opens several different tabs that say "your preferences cannot be loaded". At first, I could sign in to Chrome and make it better. Then it was trying to get me to enable extensions of things I had never seen before with the exception of RoboForm, which it still won't load.

Then it spiraled even more, to where once I closed the "cannot be loaded" extras, it would crash. I removed Chrome and ran AVG and Anti-Malware Bytes. Both came up with how pristine my system is, and this continues today. Unfortunately, it is obviously not clean.

It's terribly slow, it bashed my Google, it won't let me list on eBay without messing with the format (I have active listings at this time, and I need to be available, which is why I have lowered myself to Internet Explorer after almost 10

This isn't the first time it's happened, either. I was working with someone here earlier this year - they said they would be on the road for a few weeks and I have never heard another word. So I suspect this is an extension of that issue, since it was never completed.

Even I know that SearchScopes is bad news. What I don't know is how to kill it completely.

OTL logfile created on: 3/18/2014 8:20:27 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\coldharbor1950\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 55.73% Memory free
7.20 Gb Paging File | 5.46 Gb Available in Paging File | 75.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.07 Gb Total Space | 397.14 Gb Free Space | 88.43% Space Free | Partition Type: NTFS
Drive D: | 16.59 Gb Total Space | 2.04 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 58.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ICELAND | User Name: coldharbor1950 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/18 08:13:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\coldharbor1950\Downloads\OTL (1).com
PRC - [2014/03/15 15:41:07 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2014/02/13 05:06:20 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/01/22 13:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/01/22 13:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 15:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/12/08 17:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2011/12/07 19:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/12/08 17:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2011/09/13 17:57:20 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/19 20:20:34 | 000,290,520 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2014/01/04 21:02:05 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/10/08 10:34:38 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/03/15 16:05:23 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/22 13:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/12/18 10:38:40 | 002,102,072 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/12/07 19:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2011/09/09 20:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/16 17:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 12:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 19:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 19:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/04 21:02:05 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/01/04 21:02:05 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/12/17 20:11:58 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/12/15 17:55:13 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/11/25 22:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/11/25 22:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/25 22:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/01 00:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 23:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/01 01:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 01:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 17:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 15:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/31 19:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 19:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/11/09 23:00:39 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/09 23:00:39 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/11/09 23:00:39 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 16:49:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/18 16:49:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/23 10:53:10 | 000,104,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 11:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/16 04:41:55 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/03 12:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/12/16 15:34:30 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{4F1149B4-DD36-468D-A3A7-B9D541595DEF}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {71DB2072-787A-4596-A0E5-2E1030999197}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{71DB2072-787A-4596-A0E5-2E1030999197}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{BFEA6F40-07F2-4574-AA8F-7735F594B606}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014/03/15 13:33:29 | 000,000,000 | ---D | M]

[2013/12/14 21:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Extensions
[2013/12/15 09:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\extensions
[2013/12/15 09:58:46 | 000,000,000 | ---D | M] (Serif PhotoPlus) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\extensions\{8f2767f8-338a-4258-bd1c-4de5a3d8cdb2}
[2014/02/15 08:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\Profiles\d9ahv30v.default\extensions
[2013/12/14 21:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/14 21:10:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.c...r/render?tab=Xc
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Advanced SystemCare 7 (Enabled) = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\\1.0.0_0\Plugin/ASCPlugin_Protect.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll
CHR - plugin: Coupons Inc., Coupon Printer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Disabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows LiveÂ™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Bejeweled = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Google Docs = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Drive = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_4\
CHR - Extension: Google Drive = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_5\
CHR - Extension: Google Drive = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_6\
CHR - Extension: Google Drive = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_7\
CHR - Extension: Google Drive = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_8\
CHR - Extension: Google Drive = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_9\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_1\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_10\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_11\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_12\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_13\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_14\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_15\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_16\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_17\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_2\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_3\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_4\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_5\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_6\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_7\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_8\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_9\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_0\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_1\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_10\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_11\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_12\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_13\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_14\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_15\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_16\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_17\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_18\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_2\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_3\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_4\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_5\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_6\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_7\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_8\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_9\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_0\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_1\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_10\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_11\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_12\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_13\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_14\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_15\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_16\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_17\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_2\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_3\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_4\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_5\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_6\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_7\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_8\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_9\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_0\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_1\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_10\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_11\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_12\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_13\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_14\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_15\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_16\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_17\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_2\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_3\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_4\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_5\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_6\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_7\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_8\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_9\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_1\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_10\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_11\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_12\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_13\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_14\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_15\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_16\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_17\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_2\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_3\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_4\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_5\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_6\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_7\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_8\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_9\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_0\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_1\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_10\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_11\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_12\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_13\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_14\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_15\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_16\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_17\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_2\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_3\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_4\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_5\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_6\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_7\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_8\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_9\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_10\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_11\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_12\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_13\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_14\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_15\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_16\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_17\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_18\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_19\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_2\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_20\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_21\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_22\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_23\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_24\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_25\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_3\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_4\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_5\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_6\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_7\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_8\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_9\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_0\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_1\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_10\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_11\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_12\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_13\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_14\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_15\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_16\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_17\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_18\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_19\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_2\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_20\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_21\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_3\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_4\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_5\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_6\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_7\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_8\
CHR - Extension: No name found = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_9\

O1 HOSTS File: ([2014/01/01 15:43:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8:64bit: - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C336497-8C6C-437A-A03B-AB203EB0C7AC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\driverbooster.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\googledrivesync.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\hpsf.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\pdfvista.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\driverbooster.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\googledrivesync.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\hpsf.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\pdfvista.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/15 05:14:16 | 000,000,082 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/17 14:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/03/17 09:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/03/17 09:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/03/17 09:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/03/17 09:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2014/03/17 09:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2014/03/16 11:40:17 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/03/16 11:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/03/15 19:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/15 19:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/15 19:14:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/03/15 14:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/03/13 19:31:01 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Local\VS Revo Group
[2014/03/13 14:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2014/02/24 14:04:08 | 000,040,248 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2014/02/24 14:03:58 | 000,029,496 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2014/02/24 14:03:58 | 000,025,400 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2014/02/24 14:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
[2014/02/24 14:03:08 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\AVG
[2014/02/24 14:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/02/24 14:01:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/02/20 18:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2013
[2014/02/20 18:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2013
[2014/02/20 13:51:30 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\2013 Taxes
[2014/02/19 20:20:12 | 000,000,000 | ---D | C] -- C:\DrvInstall
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/18 08:11:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/18 08:04:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/18 07:20:11 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/17 23:19:00 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/17 23:19:00 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/17 23:15:57 | 000,783,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/17 23:15:57 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/17 23:15:57 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/17 23:10:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/17 19:03:51 | 000,002,241 | ---- | M] () -- C:\Users\coldharbor1950\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/17 14:24:40 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/17 09:59:05 | 000,001,341 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/03/17 09:44:24 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/03/17 09:43:24 | 000,001,325 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\spywareblastersetup50 - Shortcut.lnk
[2014/03/16 14:45:04 | 000,333,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/16 13:52:33 | 000,000,968 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140316_135229.reg
[2014/03/16 11:40:17 | 000,000,824 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\CCleaner.lnk
[2014/03/16 08:07:07 | 000,006,528 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140316_080703.reg
[2014/03/16 08:06:17 | 000,052,550 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140316_080611.reg
[2014/03/15 14:44:39 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/03/11 20:26:38 | 000,018,052 | ---- | M] () -- C:\Users\coldharbor1950\Documents\eBay.odt
[2014/02/27 23:42:40 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/02/24 14:03:41 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2014/02/24 14:03:41 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2014/02/23 11:53:30 | 000,775,546 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/20 18:51:26 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\H&R Block 2013.lnk
[2014/02/20 02:07:24 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcoldharbor1950.job
[2014/02/19 20:20:32 | 000,704,269 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/02/19 20:12:58 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/17 14:24:40 | 000,002,241 | ---- | C] () -- C:\Users\coldharbor1950\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/17 14:24:40 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/17 09:59:05 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/03/17 09:59:05 | 000,001,341 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/03/17 09:44:24 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/03/17 09:43:24 | 000,001,325 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\spywareblastersetup50 - Shortcut.lnk
[2014/03/16 14:44:47 | 000,333,712 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/16 13:52:31 | 000,000,968 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140316_135229.reg
[2014/03/16 11:40:17 | 000,000,824 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\CCleaner.lnk
[2014/03/16 08:07:05 | 000,006,528 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140316_080703.reg
[2014/03/16 08:06:14 | 000,052,550 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140316_080611.reg
[2014/03/10 10:53:13 | 000,018,052 | ---- | C] () -- C:\Users\coldharbor1950\Documents\eBay.odt
[2014/03/10 10:08:00 | 000,011,070 | ---- | C] () -- C:\Users\coldharbor1950\Documents\untitled_1.odt
[2014/02/24 14:03:41 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2014/02/24 14:03:41 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2014/02/24 14:03:38 | 000,002,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2014/02/20 18:51:26 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\H&R Block 2013.lnk
[2014/02/19 20:20:32 | 000,704,269 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/02/19 20:13:02 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/01/05 09:32:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2014/01/04 21:02:07 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014/01/04 21:02:07 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/10/25 21:53:36 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2013/10/08 10:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/10/08 08:36:07 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/08 08:36:07 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/08/21 22:22:33 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/05/11 11:59:30 | 000,078,697 | -H-- | C] () -- C:\Users\coldharbor1950\Bottom Contact.jpg
[2013/02/08 17:21:10 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2013/02/08 17:21:07 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2013/01/17 23:52:39 | 000,002,147 | -H-- | C] () -- C:\Users\coldharbor1950\PrintMaster-2012-Platinum.prefs
[2012/12/28 21:08:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Gems
[2012/12/28 21:08:52 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Fruit
[2012/12/28 21:07:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Generic
[2012/12/28 21:07:44 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Funk Animals
[2012/12/28 21:07:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Galaxy Swirl
[2012/12/28 21:07:43 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Frameworks
[2012/12/28 21:07:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hip Hop
[2012/12/28 21:07:08 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\HAL
[2012/11/25 16:08:40 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/21 08:08:26 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\AVAST Software
[2014/03/15 13:30:52 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\AVG
[2013/12/30 00:35:20 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\AVG2014
[2012/10/19 20:28:23 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\com.masque.slots.IGTSlotsLilLady
[2012/11/25 22:48:36 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Encore
[2013/12/18 10:53:43 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\IObit
[2013/12/15 09:58:43 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Masque
[2013/12/15 09:51:50 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\OpenOffice
[2013/12/15 09:51:49 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\OpenOffice.org
[2013/10/17 09:40:59 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Oracle
[2013/12/15 09:58:46 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\pdf995
[2013/07/13 08:07:21 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\RoboForm
[2013/12/15 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Scribus
[2013/12/15 09:51:53 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Serif
[2013/12/15 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\SmartDraw
[2014/01/02 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\SoftGrid Client
[2012/12/05 13:24:50 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Stardock
[2014/02/20 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TaxCut
[2012/11/07 10:15:21 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TP
[2013/12/30 00:33:06 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TuneUp Software
[2012/10/23 22:16:14 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\WildTangent
[2012/10/11 17:51:54 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 512 bytes -> C:\Users\coldharbor1950\Documents\Butternut Dining Room.ppp:SummaryInformation
@Alternate Data Stream - 384 bytes -> C:\Users\coldharbor1950\Documents\Butternut Dining Room.Spp:SummaryInformation
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#2
Crowbar

Posted 18 March 2014 - 10:19 AM

Teacher

GeekU Moderator
4,798 posts

Hello krisinluck and welcome to the Virus, Spyware, Malware Removal forum !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

Please read all of my response through at least once before attempting to follow the procedures described.
Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
Please follow the steps exactly as written, in the same order.
If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Also please note before we begin:
Please be aware that removing Malware can be a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot %100 guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before we start.

Hi there,
Looking back on your past topics, I see what you are talking about. One unfinished topic (it happens sometimes) and one unanswered.
I am going to close your unanswered topic, probably unanswered because you posted in your own topic before someone found it.
We usually look for topics with zero replies, that's most likely how is was missed, sorry.

I am going to look at your log file now, and post back in a little while.

Please stand by for the moment

#3
krisinluck

Posted 18 March 2014 - 10:40 AM

Member

Topic Starter
Member
116 posts

Thank you! I'll be watching for you.

#4
Crowbar

Posted 18 March 2014 - 11:25 AM

Teacher

GeekU Moderator
4,798 posts

Hi there,
Here are my observations, followed by some fixes to get us started:

First thing to do is to move your copy of OTL to your Desktop. This will make it much easier to deal with the log files.
You can copy/paste it from your downoads folder, where it is now, to the desktop, or you can download a fresh copy to your desktop, whichever is easier for you to do.
Is there a reason why you downloaded the .com version of it?

Not sure what you mean about Internet Explorer, there is nothing wrong with using it, although yours needs to be updated to version 10, or 11.
IE is just as secure as any other browser, but if you prefer to use chrome, or firefox, they are all good choices.

Looking at your chrome, it looks a bit wacky, but let's see how it looks after this round of fixes.

I must say that AVG is not a favorite of mine, it's slows things down, and it's bloated with un-necessary stuff, such as the PC tune up, but we can discuss that in more detail later.

"Registry Cleaners" or "Boosters" -
I do not recommend the use of any tools that claim to clean or optimize the registry.
At best these tools will do nothing, at worst they can break your computer to the point that it is no longer bootable.
These include: slimware utilities, Ccleaner.
While Ccleaner has some good uses, please, please stay away from the registry cleaning section of this program.

I personally don't recommend spywareblaster on Win 7 and above computers, as I feel it's not necessary on the newer machines.

You have an iobit product called driver booster - I would uninstall this ASAP, unless you are a gamer looking to squeeze every bit of video performance out of your computer, I find that if a driver is not broke, I don't fix it.
Iobit is not a reputable company.

I have a bunch of steps for you to do, take your time on them if you need to. I will be checking in later tonight, but won't be available until then.

Step 1

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:commands
[createrestorepoint]
:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014/03/15 13:33:29 | 000,000,000 | ---D | M]
[2013/12/15 09:58:46 | 000,000,000 | ---D | M] (Serif PhotoPlus) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\extensions\{8f2767f8-338a-4258-bd1c-4de5a3d8cdb2}
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
:commands
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log it produces in your next reply.

Step 2
Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe to run the tool.
Note: Windows Vista, Windows 7/8 users right-click and select Run as administrator.
Click the Scan button.
AdwCleaner will begin. Be patient as the scan may take some time to complete.
After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 3
Posted Image

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 4

Download RogueKiller and save it on your desktop.
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 5
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the 64 bit version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

In your next reply I would like to see:

OTL fix log
ADWCleaner log
Junkware Removal Tool log file
RogueKiller log file(s)
Log files from FRST - FRST.txt and Addition.txt
How is the computer now? What are the current symptoms?

#5
krisinluck

Posted 18 March 2014 - 03:52 PM

Member

Topic Starter
Member
116 posts

OTL Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014/03/15 13:33:29 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < [2013/12/15 09:58:46 | 000,000,000 | ---D | M] (Serif PhotoPlus) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\extensions\{8f2767f8-338a-4258-bd1c-4de5a3d8cdb2}> in the current context!
Error: Unable to interpret < @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34> in the current context!
Error: Unable to interpret < :commands> in the current context!

[EMPTYTEMP]

User: All Users

User: coldharbor1950
->Temp folder emptied: 52391829 bytes
->Temporary Internet Files folder emptied: 5624527 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19976502 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57243 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8500 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78369142 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 149.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03182014_135541

Files\Folders moved on Reboot...
C:\Users\coldharbor1950\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\coldharbor1950\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\coldharbor1950\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJF0P2EV\337941-search-scopes[1].htm moved successfully.
C:\Users\coldharbor1950\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4UVGVLC1\request_ad[1].htm moved successfully.
C:\Users\coldharbor1950\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\coldharbor1950\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\coldharbor1950\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#6
krisinluck

Posted 18 March 2014 - 03:54 PM

Member

Topic Starter
Member
116 posts

ADW Cleaner:

# AdwCleaner v3.021 - Report created 12/03/2014 at 16:13:52
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : coldharbor1950 - ICELAND
# Running from : C:\Users\coldharbor1950\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\coldharbor1950\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
File Deleted : C:\Windows\Tasks\Driver Booster Update.job
File Deleted : C:\Windows\System32\Tasks\Driver Booster Update

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v

-\\ Google Chrome v35.0.1883.0

[ File : C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [13992 octets] - [17/12/2013 17:09:56]
AdwCleaner[R1].txt - [5843 octets] - [17/12/2013 19:50:12]
AdwCleaner[R2].txt - [1055 octets] - [01/01/2014 12:50:49]
AdwCleaner[R3].txt - [1176 octets] - [02/01/2014 14:12:17]
AdwCleaner[R4].txt - [1301 octets] - [06/01/2014 18:12:19]
AdwCleaner[R5].txt - [1360 octets] - [07/01/2014 10:30:26]
AdwCleaner[R6].txt - [1995 octets] - [12/03/2014 16:06:05]
AdwCleaner[S0].txt - [13610 octets] - [17/12/2013 17:16:35]
AdwCleaner[S1].txt - [5774 octets] - [17/12/2013 19:57:16]
AdwCleaner[S2].txt - [1117 octets] - [01/01/2014 12:53:14]
AdwCleaner[S3].txt - [1367 octets] - [06/01/2014 18:14:20]
AdwCleaner[S4].txt - [1422 octets] - [07/01/2014 10:39:49]
AdwCleaner[S5].txt - [1881 octets] - [12/03/2014 16:13:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1941 octets] ##########
# AdwCleaner v3.022 - Report created 18/03/2014 at 14:14:38
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : coldharbor1950 - ICELAND
# Running from : C:\Users\coldharbor1950\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v

-\\ Google Chrome v

[ File : C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [13992 octets] - [17/12/2013 17:09:56]
AdwCleaner[R10].txt - [2087 octets] - [14/03/2014 07:59:36]
AdwCleaner[R1].txt - [5843 octets] - [17/12/2013 19:50:12]
AdwCleaner[R2].txt - [1055 octets] - [01/01/2014 12:50:49]
AdwCleaner[R3].txt - [1176 octets] - [02/01/2014 14:12:17]
AdwCleaner[R4].txt - [1301 octets] - [06/01/2014 18:12:19]
AdwCleaner[R5].txt - [1360 octets] - [07/01/2014 10:30:26]
AdwCleaner[R6].txt - [4227 octets] - [12/03/2014 16:06:05]
AdwCleaner[R7].txt - [2800 octets] - [13/03/2014 14:12:46]
AdwCleaner[R8].txt - [1846 octets] - [13/03/2014 18:31:25]
AdwCleaner[R9].txt - [1966 octets] - [14/03/2014 07:43:48]
AdwCleaner[S0].txt - [13610 octets] - [17/12/2013 17:16:35]
AdwCleaner[S1].txt - [5774 octets] - [17/12/2013 19:57:16]
AdwCleaner[S2].txt - [1117 octets] - [01/01/2014 12:53:14]
AdwCleaner[S3].txt - [1367 octets] - [06/01/2014 18:14:20]
AdwCleaner[S4].txt - [1422 octets] - [07/01/2014 10:39:49]
AdwCleaner[S5].txt - [3827 octets] - [12/03/2014 16:13:52]
AdwCleaner[S6].txt - [2719 octets] - [13/03/2014 14:15:33]
AdwCleaner[S7].txt - [1909 octets] - [13/03/2014 18:34:08]
AdwCleaner[S8].txt - [2029 octets] - [14/03/2014 07:45:52]
AdwCleaner[S9].txt - [2150 octets] - [14/03/2014 08:01:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [4127 octets] ##########

#7
krisinluck

Posted 18 March 2014 - 03:55 PM

Member

Topic Starter
Member
116 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by coldharbor1950 on Tue 03/18/2014 at 14:22:36.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/18/2014 at 14:42:21.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#8
krisinluck

Posted 18 March 2014 - 03:57 PM

Member

Topic Starter
Member
116 posts

Rogue Killer:

RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : coldharbor1950 [Admin rights]
Mode : Scan -- Date : 03/18/2014 14:57:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721050CLA662 SATA Disk Device +++++
--- User ---
[MBR] 478e52173e8c9bc9016ce34659440c4e
[BSP] 106318002ff973c24a79129b1965dd4c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 459850 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 941979648 | Size: 16988 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 71e9abb570d9835a19823fd796055de5
[BSP] 373ba31d88b74d6523fe70cd0237f7a8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 205154304 | Size: 300 Mo

Finished : << RKreport[0]_S_03182014_145719.txt >>

#9
krisinluck

Posted 18 March 2014 - 03:59 PM

Member

Topic Starter
Member
116 posts

FRST Report:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by coldharbor1950 (administrator) on ICELAND on 18-03-2014 15:03:09
Running from C:\Users\coldharbor1950\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-02-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-387024861-1857405023-142887614-1000\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-03-15] (Siber Systems)
IFEO\hpsf.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdfvista.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {4F1149B4-DD36-468D-A3A7-B9D541595DEF} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - DefaultScope {71DB2072-787A-4596-A0E5-2E1030999197} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {71DB2072-787A-4596-A0E5-2E1030999197} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-11-25]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-12-07]

Chrome:
=======
CHR HomePage: https://www.google.c...r/render?tab=Xc
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Advanced SystemCare 7) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\\1.0.0_0\Plugin/ASCPlugin_Protect.dll No File
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll (Siber Systems Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Extension: (Bejeweled) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-03-14]
CHR Extension: (Google Docs) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-30]
CHR Extension: (Google Drive) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]
CHR Extension: (No Name) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-02-25]
CHR Extension: (YouTube) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17]
CHR Extension: (Google Search) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2013-12-30]
CHR Extension: (Pin It Button) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-12-30]
CHR Extension: (Social Fixer for Facebook) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2013-12-30]
CHR Extension: (Office Apps) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke [2013-12-30]
CHR Extension: (Google Mail Checker) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-12-30]
CHR Extension: (Crosswords) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf [2014-01-04]
CHR Extension: (Google Wallet) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17]
CHR Extension: (RoboForm) - C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-12]
CHR HKCU\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\coldharbor1950\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx [2014-03-12]
CHR HKCU\...\Chrome\Extension: [eijoglodfkeicibboibphapnoahoaapi] - C:\Users\coldharbor1950\AppData\Local\CRE\eijoglodfkeicibboibphapnoahoaapi.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\coldharbor1950\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [eijoglodfkeicibboibphapnoahoaapi] - C:\Users\coldharbor1950\AppData\Local\CRE\eijoglodfkeicibboibphapnoahoaapi.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-19] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-15] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-17] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-18 15:03 - 2014-03-18 15:03 - 00020466 _____ () C:\Users\coldharbor1950\Desktop\FRST.txt
2014-03-18 15:01 - 2014-03-18 15:01 - 02157056 _____ (Farbar) C:\Users\coldharbor1950\Desktop\FRST64.exe
2014-03-18 14:53 - 2014-03-18 15:00 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\RK_Quarantine
2014-03-18 14:50 - 2014-03-18 14:50 - 03901952 _____ () C:\Users\coldharbor1950\Desktop\RogueKiller.exe
2014-03-18 14:42 - 2014-03-18 14:42 - 00000958 _____ () C:\Users\coldharbor1950\Desktop\JRT.txt
2014-03-18 14:21 - 2014-03-18 14:21 - 01037734 _____ (Thisisu) C:\Users\coldharbor1950\Downloads\JRT.exe
2014-03-18 14:21 - 2014-03-18 14:21 - 00001157 _____ () C:\Users\coldharbor1950\Desktop\JRT - Shortcut.lnk
2014-03-18 14:09 - 2014-03-18 14:09 - 01950720 _____ () C:\Users\coldharbor1950\Downloads\AdwCleaner.exe
2014-03-18 14:09 - 2014-03-18 14:09 - 00001230 _____ () C:\Users\coldharbor1950\Desktop\AdwCleaner - Shortcut.lnk
2014-03-18 14:01 - 2014-03-18 14:59 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\0318 Comp Repair
2014-03-18 13:58 - 2014-03-18 14:16 - 00000500 _____ () C:\Windows\PFRO.log
2014-03-18 13:55 - 2014-03-18 13:55 - 00000000 ____D () C:\_OTL
2014-03-18 12:36 - 2014-03-18 12:36 - 00005633 _____ () C:\Users\coldharbor1950\Documents\CompFix 031814.txt
2014-03-18 12:34 - 2014-03-18 12:34 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Desktop\OTL.exe
2014-03-18 12:18 - 2014-03-18 14:16 - 00000168 _____ () C:\Windows\setupact.log
2014-03-18 12:18 - 2014-03-18 12:19 - 00333712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 12:18 - 2014-03-18 12:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-18 10:42 - 2014-03-18 10:42 - 00156902 _____ () C:\Users\coldharbor1950\Downloads\OTL 0318 Safe Mode.txt
2014-03-18 10:01 - 2014-03-18 10:01 - 00000382 _____ () C:\Users\coldharbor1950\Documents\cc_20140318_100102.reg
2014-03-18 08:41 - 2014-03-18 08:41 - 00160168 _____ () C:\Users\coldharbor1950\Downloads\OTL 0318.txt
2014-03-18 08:13 - 2014-03-18 08:13 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Downloads\OTL (1).com
2014-03-18 08:09 - 2014-03-18 08:09 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Desktop\OTL.com
2014-03-18 08:01 - 2014-03-18 09:00 - 00162466 _____ () C:\Users\coldharbor1950\Desktop\G2G 0318.txt
2014-03-17 22:49 - 2014-03-17 22:49 - 00169560 _____ () C:\Users\coldharbor1950\Desktop\OTL 0317.txt
2014-03-17 09:59 - 2014-03-17 09:59 - 00001341 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-17 09:44 - 2014-03-18 10:21 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-17 09:44 - 2014-03-17 09:44 - 00001041 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-03-17 09:44 - 2014-03-17 09:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-17 09:44 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-03-17 09:43 - 2014-03-17 09:43 - 00001325 _____ () C:\Users\coldharbor1950\Desktop\spywareblastersetup50 - Shortcut.lnk
2014-03-17 09:40 - 2014-03-17 09:40 - 04095448 _____ (BrightFort LLC ) C:\Users\coldharbor1950\Downloads\spywareblastersetup50.exe
2014-03-17 08:29 - 2014-03-17 21:19 - 00169560 _____ () C:\Users\coldharbor1950\Desktop\OTL.Txt
2014-03-16 13:52 - 2014-03-16 13:52 - 00000968 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_135229.reg
2014-03-16 11:40 - 2014-03-16 11:40 - 00002790 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-16 11:40 - 2014-03-16 11:40 - 00000824 _____ () C:\Users\coldharbor1950\Desktop\CCleaner.lnk
2014-03-16 11:40 - 2014-03-16 11:40 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-03-16 11:40 - 2014-03-16 11:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-16 08:07 - 2014-03-16 08:07 - 00006528 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_080703.reg
2014-03-16 08:06 - 2014-03-16 08:06 - 00052550 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_080611.reg
2014-03-15 19:15 - 2014-03-15 19:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-15 19:14 - 2014-03-15 19:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-15 19:12 - 2014-03-15 19:12 - 00921000 _____ (Oracle Corporation) C:\Users\coldharbor1950\Downloads\chromeinstall-7u51 (2).exe
2014-03-15 16:09 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-15 16:09 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-15 16:09 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-15 16:09 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-15 16:09 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-15 16:09 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-15 16:09 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-15 16:09 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-15 16:09 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-15 16:09 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-15 16:09 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-15 16:09 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-15 16:08 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-15 16:08 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-15 16:08 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-15 16:08 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-15 16:08 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-15 16:08 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-15 16:08 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-15 16:08 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-15 16:08 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-15 16:08 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-15 16:08 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-15 16:08 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-15 16:08 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-15 16:08 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-15 16:08 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-15 16:08 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-15 16:08 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-15 16:08 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-15 16:08 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-15 16:08 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-15 16:08 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-15 16:08 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-15 16:08 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-15 16:08 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-15 16:08 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-15 16:08 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-15 16:08 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-15 16:08 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-15 16:08 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-15 16:08 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-15 16:08 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-15 16:08 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-15 16:06 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-15 16:06 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-15 16:05 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-15 16:05 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-15 15:40 - 2014-03-15 15:40 - 14805000 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup-cnetc (1).exe
2014-03-15 09:17 - 2014-03-15 13:33 - 00000000 ____D () C:\Users\coldharbor1950\Downloads\mbam-chameleon-1.62.1.1000
2014-03-15 09:16 - 2014-03-15 09:16 - 01440846 _____ () C:\Users\coldharbor1950\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-03-15 08:44 - 2014-03-15 08:44 - 00145026 _____ () C:\Users\coldharbor1950\Desktop\OTL 0315.txt
2014-03-15 08:36 - 2014-03-15 08:36 - 00071630 _____ () C:\Users\coldharbor1950\Downloads\Extras.Txt
2014-03-15 08:35 - 2014-03-18 10:41 - 00156902 _____ () C:\Users\coldharbor1950\Downloads\OTL.Txt
2014-03-14 13:30 - 2014-03-14 13:30 - 00003139 _____ () C:\Users\coldharbor1950\Documents\Google Redirect.txt
2014-03-14 08:47 - 2014-03-14 08:47 - 00066690 _____ () C:\Users\coldharbor1950\Desktop\OTL 1314-2.txt
2014-03-13 21:25 - 2014-03-13 21:25 - 00020106 _____ () C:\Users\coldharbor1950\Documents\startup.txt
2014-03-13 19:31 - 2014-03-13 19:31 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\VS Revo Group
2014-03-13 14:21 - 2014-03-13 14:21 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-03-12 16:20 - 2014-03-12 16:20 - 00002021 _____ () C:\Users\coldharbor1950\Desktop\AdwCleaner[S5].txt
2014-03-12 09:41 - 2014-03-12 09:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 09:41 - 2014-03-12 09:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-10 10:53 - 2014-03-11 20:26 - 00018052 _____ () C:\Users\coldharbor1950\Documents\eBay.odt
2014-03-10 10:08 - 2014-01-12 11:52 - 00011070 _____ () C:\Users\coldharbor1950\Documents\untitled_1.odt
2014-02-28 10:42 - 2014-03-18 14:20 - 00329502 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 15:27 - 2014-02-27 15:27 - 14827320 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup (2).exe
2014-02-25 21:16 - 2014-02-25 21:19 - 78353784 _____ (AVG) C:\Users\coldharbor1950\Downloads\avg_tuh_stf_all_2014_295.exe
2014-02-25 08:40 - 2014-02-25 08:40 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-02-24 14:25 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-24 14:25 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-24 14:25 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-24 14:25 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-24 14:24 - 2014-03-18 12:51 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-24 14:24 - 2014-02-27 15:25 - 00003678 _____ () C:\Windows\System32\Tasks\HP online update program
2014-02-24 14:04 - 2013-12-18 10:38 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-02-24 14:03 - 2014-03-15 13:30 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\AVG
2014-02-24 14:03 - 2014-02-24 14:03 - 00002187 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2014-02-24 14:03 - 2014-02-24 14:03 - 00002161 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-02-24 14:03 - 2013-12-18 10:38 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-02-24 14:03 - 2013-12-18 10:38 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2014-02-24 14:01 - 2014-03-15 13:30 - 00000000 ____D () C:\ProgramData\AVG
2014-02-24 14:01 - 2014-02-24 14:24 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-24 13:58 - 2014-02-24 14:00 - 78353832 _____ (AVG) C:\Users\coldharbor1950\Downloads\avg_tuh_stf_all_2014_295_24c28.exe
2014-02-23 11:51 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-23 11:51 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-23 11:51 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-23 11:51 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-23 11:51 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-23 11:51 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-23 11:51 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-23 11:51 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-23 11:51 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-23 11:51 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-23 11:51 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-23 11:51 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-23 11:51 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-23 11:51 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-23 11:51 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-23 11:51 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-23 11:51 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-23 11:51 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-23 11:50 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-23 11:50 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-23 11:50 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-23 11:50 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-23 11:50 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-23 11:50 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-23 11:48 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 11:48 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-22 12:18 - 2014-03-09 12:24 - 00001514 _____ () C:\Users\coldharbor1950\Documents\eBay Civil War.txt
2014-02-22 10:11 - 2014-02-22 10:11 - 00847856 _____ (Google Inc.) C:\Users\coldharbor1950\Downloads\ChromeSetup.exe
2014-02-21 18:52 - 2014-02-21 18:52 - 15530400 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup (1).exe
2014-02-20 18:51 - 2014-02-20 18:51 - 00001991 _____ () C:\Users\Public\Desktop\H&R Block 2013.lnk
2014-02-20 18:48 - 2014-03-15 13:29 - 00000000 ____D () C:\Program Files (x86)\HRBlock2013
2014-02-20 13:51 - 2014-02-20 13:52 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\2013 Taxes
2014-02-20 13:47 - 2014-02-20 13:49 - 03830677 _____ () C:\Users\coldharbor1950\Downloads\w2.zip
2014-02-19 20:20 - 2014-03-15 13:28 - 00000000 ____D () C:\DrvInstall
2014-02-19 20:20 - 2014-02-19 20:20 - 43720192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-02-19 20:20 - 2014-02-19 20:20 - 03791320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-02-19 20:20 - 2014-02-19 20:20 - 02782936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-02-19 20:20 - 2014-02-19 20:20 - 00704269 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-02-19 20:20 - 2014-02-19 20:20 - 00154840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll

==================== One Month Modified Files and Folders =======

2014-03-18 15:04 - 2012-12-28 23:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 15:03 - 2014-03-18 15:03 - 00020466 _____ () C:\Users\coldharbor1950\Desktop\FRST.txt
2014-03-18 15:03 - 2014-01-07 13:49 - 00000000 ____D () C:\FRST
2014-03-18 15:01 - 2014-03-18 15:01 - 02157056 _____ (Farbar) C:\Users\coldharbor1950\Desktop\FRST64.exe
2014-03-18 15:01 - 2014-01-17 08:28 - 00047104 ___SH () C:\Users\coldharbor1950\Desktop\Thumbs.db
2014-03-18 15:00 - 2014-03-18 14:53 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\RK_Quarantine
2014-03-18 14:59 - 2014-03-18 14:01 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\0318 Comp Repair
2014-03-18 14:50 - 2014-03-18 14:50 - 03901952 _____ () C:\Users\coldharbor1950\Desktop\RogueKiller.exe
2014-03-18 14:42 - 2014-03-18 14:42 - 00000958 _____ () C:\Users\coldharbor1950\Desktop\JRT.txt
2014-03-18 14:24 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 14:24 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 14:24 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 14:21 - 2014-03-18 14:21 - 01037734 _____ (Thisisu) C:\Users\coldharbor1950\Downloads\JRT.exe
2014-03-18 14:21 - 2014-03-18 14:21 - 00001157 _____ () C:\Users\coldharbor1950\Desktop\JRT - Shortcut.lnk
2014-03-18 14:20 - 2014-02-28 10:42 - 00329502 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 14:16 - 2014-03-18 13:58 - 00000500 _____ () C:\Windows\PFRO.log
2014-03-18 14:16 - 2014-03-18 12:18 - 00000168 _____ () C:\Windows\setupact.log
2014-03-18 14:16 - 2012-11-02 22:25 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 14:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 14:15 - 2013-12-17 17:09 - 00000000 ____D () C:\AdwCleaner
2014-03-18 14:11 - 2012-11-02 22:25 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 14:09 - 2014-03-18 14:09 - 01950720 _____ () C:\Users\coldharbor1950\Downloads\AdwCleaner.exe
2014-03-18 14:09 - 2014-03-18 14:09 - 00001230 _____ () C:\Users\coldharbor1950\Desktop\AdwCleaner - Shortcut.lnk
2014-03-18 13:55 - 2014-03-18 13:55 - 00000000 ____D () C:\_OTL
2014-03-18 13:34 - 2012-06-09 14:14 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{97A3A84A-CC66-4D5F-A3C7-2DF30115F961}
2014-03-18 12:51 - 2014-02-24 14:24 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-03-18 12:36 - 2014-03-18 12:36 - 00005633 _____ () C:\Users\coldharbor1950\Documents\CompFix 031814.txt
2014-03-18 12:34 - 2014-03-18 12:34 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Desktop\OTL.exe
2014-03-18 12:19 - 2014-03-18 12:18 - 00333712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 12:18 - 2014-03-18 12:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-18 12:17 - 2012-11-02 22:25 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-18 12:17 - 2012-11-02 22:25 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-18 10:42 - 2014-03-18 10:42 - 00156902 _____ () C:\Users\coldharbor1950\Downloads\OTL 0318 Safe Mode.txt
2014-03-18 10:41 - 2014-03-15 08:35 - 00156902 _____ () C:\Users\coldharbor1950\Downloads\OTL.Txt
2014-03-18 10:21 - 2014-03-17 09:44 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-18 10:09 - 2014-01-01 13:25 - 00003182 _____ () C:\Windows\System32\Tasks\{F876F0D1-9074-4454-9507-B66E6F1F41E7}
2014-03-18 10:08 - 2013-10-10 06:57 - 00003242 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-387024861-1857405023-142887614-1000
2014-03-18 10:05 - 2012-10-11 17:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-18 10:01 - 2014-03-18 10:01 - 00000382 _____ () C:\Users\coldharbor1950\Documents\cc_20140318_100102.reg
2014-03-18 09:10 - 2013-12-14 22:46 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-18 09:00 - 2014-03-18 08:01 - 00162466 _____ () C:\Users\coldharbor1950\Desktop\G2G 0318.txt
2014-03-18 08:41 - 2014-03-18 08:41 - 00160168 _____ () C:\Users\coldharbor1950\Downloads\OTL 0318.txt
2014-03-18 08:13 - 2014-03-18 08:13 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Downloads\OTL (1).com
2014-03-18 08:09 - 2014-03-18 08:09 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Desktop\OTL.com
2014-03-18 07:20 - 2013-12-31 14:06 - 00003356 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-387024861-1857405023-142887614-1000
2014-03-17 22:50 - 2013-05-30 14:32 - 00000000 ____D () C:\JRT
2014-03-17 22:49 - 2014-03-17 22:49 - 00169560 _____ () C:\Users\coldharbor1950\Desktop\OTL 0317.txt
2014-03-17 21:19 - 2014-03-17 08:29 - 00169560 _____ () C:\Users\coldharbor1950\Desktop\OTL.Txt
2014-03-17 18:51 - 2013-05-30 13:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-17 10:02 - 2013-05-30 13:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-17 09:59 - 2014-03-17 09:59 - 00001341 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-17 09:44 - 2014-03-17 09:44 - 00001041 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-03-17 09:44 - 2014-03-17 09:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-17 09:43 - 2014-03-17 09:43 - 00001325 _____ () C:\Users\coldharbor1950\Desktop\spywareblastersetup50 - Shortcut.lnk
2014-03-17 09:40 - 2014-03-17 09:40 - 04095448 _____ (BrightFort LLC ) C:\Users\coldharbor1950\Downloads\spywareblastersetup50.exe
2014-03-16 13:52 - 2014-03-16 13:52 - 00000968 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_135229.reg
2014-03-16 11:40 - 2014-03-16 11:40 - 00002790 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-16 11:40 - 2014-03-16 11:40 - 00000824 _____ () C:\Users\coldharbor1950\Desktop\CCleaner.lnk
2014-03-16 11:40 - 2014-03-16 11:40 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-03-16 11:40 - 2014-03-16 11:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-16 08:07 - 2014-03-16 08:07 - 00006528 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_080703.reg
2014-03-16 08:06 - 2014-03-16 08:06 - 00052550 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_080611.reg
2014-03-16 03:25 - 2013-12-10 10:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 03:25 - 2013-12-10 10:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 19:15 - 2014-01-18 18:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-15 19:14 - 2014-03-15 19:15 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-15 19:14 - 2014-03-15 19:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-15 19:12 - 2014-03-15 19:12 - 00921000 _____ (Oracle Corporation) C:\Users\coldharbor1950\Downloads\chromeinstall-7u51 (2).exe
2014-03-15 16:05 - 2012-12-28 23:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-15 16:05 - 2012-10-24 21:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-15 16:05 - 2012-01-18 17:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-15 15:56 - 2012-01-18 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-15 15:43 - 2012-10-22 10:25 - 00004248 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm
2014-03-15 15:43 - 2012-10-22 10:25 - 00003508 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2014-03-15 15:40 - 2014-03-15 15:40 - 14805000 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup-cnetc (1).exe
2014-03-15 14:44 - 2014-02-13 11:20 - 00000927 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-15 14:38 - 2012-06-09 14:07 - 00000000 ____D () C:\Users\coldharbor1950
2014-03-15 14:35 - 2013-12-17 22:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-15 14:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-03-15 13:33 - 2014-03-15 09:17 - 00000000 ____D () C:\Users\coldharbor1950\Downloads\mbam-chameleon-1.62.1.1000
2014-03-15 13:33 - 2013-11-19 21:22 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-15 13:33 - 2013-02-08 17:21 - 00000000 ____D () C:\ProgramData\pdf995
2014-03-15 13:33 - 2012-12-07 10:45 - 00000000 ____D () C:\Program Files (x86)\Real
2014-03-15 13:33 - 2012-11-09 22:49 - 00000000 ____D () C:\ProgramData\IObit
2014-03-15 13:33 - 2012-10-12 15:52 - 00000000 ____D () C:\Windows\WindowsMobile
2014-03-15 13:33 - 2012-01-18 17:30 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-15 13:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-03-15 13:30 - 2014-02-24 14:03 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\AVG
2014-03-15 13:30 - 2014-02-24 14:01 - 00000000 ____D () C:\ProgramData\AVG
2014-03-15 13:30 - 2014-02-14 21:56 - 00000000 ____D () C:\Program Files\Java
2014-03-15 13:30 - 2012-12-07 10:45 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\Real
2014-03-15 13:30 - 2012-12-07 10:43 - 00000000 ____D () C:\ProgramData\Real
2014-03-15 13:30 - 2012-10-30 03:03 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\Skype
2014-03-15 13:29 - 2014-02-20 18:48 - 00000000 ____D () C:\Program Files (x86)\HRBlock2013
2014-03-15 13:28 - 2014-02-19 20:20 - 00000000 ____D () C:\DrvInstall
2014-03-15 09:16 - 2014-03-15 09:16 - 01440846 _____ () C:\Users\coldharbor1950\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-03-15 08:44 - 2014-03-15 08:44 - 00145026 _____ () C:\Users\coldharbor1950\Desktop\OTL 0315.txt
2014-03-15 08:36 - 2014-03-15 08:36 - 00071630 _____ () C:\Users\coldharbor1950\Downloads\Extras.Txt
2014-03-14 18:39 - 2012-10-20 18:10 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Local\CrashDumps
2014-03-14 13:30 - 2014-03-14 13:30 - 00003139 _____ () C:\Users\coldharbor1950\Documents\Google Redirect.txt
2014-03-14 08:47 - 2014-03-14 08:47 - 00066690 _____ () C:\Users\coldharbor1950\Desktop\OTL 1314-2.txt
2014-03-13 21:25 - 2014-03-13 21:25 - 00020106 _____ () C:\Users\coldharbor1950\Documents\startup.txt
2014-03-13 19:31 - 2014-03-13 19:31 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\VS Revo Group
2014-03-13 14:21 - 2014-03-13 14:21 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-03-12 16:20 - 2014-03-12 16:20 - 00002021 _____ () C:\Users\coldharbor1950\Desktop\AdwCleaner[S5].txt
2014-03-12 10:12 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 09:41 - 2014-03-12 09:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 09:41 - 2014-03-12 09:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-11 20:26 - 2014-03-10 10:53 - 00018052 _____ () C:\Users\coldharbor1950\Documents\eBay.odt
2014-03-09 20:14 - 2014-01-05 19:57 - 00000000 ____D () C:\ProgramData\PDFC
2014-03-09 19:26 - 2013-01-05 11:35 - 00000000 ___HD () C:\Users\coldharbor1950\Documents\HRBlock
2014-03-09 12:24 - 2014-02-22 12:18 - 00001514 _____ () C:\Users\coldharbor1950\Documents\eBay Civil War.txt
2014-03-01 01:05 - 2014-03-15 16:08 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:17 - 2014-03-15 16:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:16 - 2014-03-15 16:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 23:58 - 2014-03-15 16:09 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:52 - 2014-03-15 16:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 23:51 - 2014-03-15 16:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 23:42 - 2014-03-15 16:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 23:40 - 2014-03-15 16:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 23:37 - 2014-03-15 16:08 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 23:33 - 2014-03-15 16:08 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 23:33 - 2014-03-15 16:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 23:32 - 2014-03-15 16:08 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 23:30 - 2014-03-15 16:09 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 23:23 - 2014-03-15 16:08 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 23:17 - 2014-03-15 16:08 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:11 - 2014-03-15 16:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 23:02 - 2014-03-15 16:08 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 22:54 - 2014-03-15 16:08 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 22:52 - 2014-03-15 16:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 22:51 - 2014-03-15 16:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 22:47 - 2014-03-15 16:09 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 22:43 - 2014-03-15 16:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 22:43 - 2014-03-15 16:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 22:42 - 2014-03-15 16:08 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 22:40 - 2014-03-15 16:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 22:38 - 2014-03-15 16:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 22:37 - 2014-03-15 16:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 22:35 - 2014-03-15 16:08 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 22:18 - 2014-03-15 16:08 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:16 - 2014-03-15 16:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 22:14 - 2014-03-15 16:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 22:10 - 2014-03-15 16:08 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:03 - 2014-03-15 16:09 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 22:00 - 2014-03-15 16:08 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 21:57 - 2014-03-15 16:08 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 21:38 - 2014-03-15 16:08 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 21:32 - 2014-03-15 16:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 21:27 - 2014-03-15 16:09 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 21:25 - 2014-03-15 16:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 21:25 - 2014-03-15 16:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 15:27 - 2014-02-27 15:27 - 14827320 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup (2).exe
2014-02-27 15:25 - 2014-02-24 14:24 - 00003678 _____ () C:\Windows\System32\Tasks\HP online update program
2014-02-25 21:25 - 2013-12-14 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-25 21:19 - 2014-02-25 21:16 - 78353784 _____ (AVG) C:\Users\coldharbor1950\Downloads\avg_tuh_stf_all_2014_295.exe
2014-02-25 08:40 - 2014-02-25 08:40 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-02-24 14:29 - 2012-10-19 05:00 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-24 14:24 - 2014-02-24 14:01 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-24 14:24 - 2012-12-28 21:07 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\Downloaded Installations
2014-02-24 14:24 - 2012-11-19 20:03 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Roaming\hpqLog
2014-02-24 14:24 - 2012-11-19 20:03 - 00000000 ____D () C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-02-24 14:24 - 2012-06-10 14:41 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Roaming\HpUpdate
2014-02-24 14:04 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-02-24 14:03 - 2014-02-24 14:03 - 00002187 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2014-02-24 14:03 - 2014-02-24 14:03 - 00002161 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-02-24 14:02 - 2013-12-14 22:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-24 14:00 - 2014-02-24 13:58 - 78353832 _____ (AVG) C:\Users\coldharbor1950\Downloads\avg_tuh_stf_all_2014_295_24c28.exe
2014-02-23 11:53 - 2011-02-11 12:15 - 00775546 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-22 10:11 - 2014-02-22 10:11 - 00847856 _____ (Google Inc.) C:\Users\coldharbor1950\Downloads\ChromeSetup.exe
2014-02-21 18:52 - 2014-02-21 18:52 - 15530400 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup (1).exe
2014-02-20 18:51 - 2014-02-20 18:51 - 00001991 _____ () C:\Users\Public\Desktop\H&R Block 2013.lnk
2014-02-20 18:51 - 2013-01-05 11:37 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\TaxCut
2014-02-20 18:46 - 2013-01-05 11:32 - 00000000 ____D () C:\ProgramData\TaxCut
2014-02-20 13:52 - 2014-02-20 13:51 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\2013 Taxes
2014-02-20 13:49 - 2014-02-20 13:47 - 03830677 _____ () C:\Users\coldharbor1950\Downloads\w2.zip
2014-02-20 02:07 - 2012-12-19 20:08 - 00003240 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForcoldharbor1950
2014-02-20 02:07 - 2012-12-19 20:08 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForcoldharbor1950.job
2014-02-19 20:22 - 2012-01-18 16:59 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-02-19 20:20 - 2014-02-19 20:20 - 43720192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-02-19 20:20 - 2014-02-19 20:20 - 03791320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-02-19 20:20 - 2014-02-19 20:20 - 02782936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-02-19 20:20 - 2014-02-19 20:20 - 00704269 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-02-19 20:20 - 2014-02-19 20:20 - 00154840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll

Some content of TEMP:
====================
C:\Users\coldharbor1950\AppData\Local\Temp\ntdll_dump.dll
C:\Users\coldharbor1950\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 00:20

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by coldharbor1950 at 2014-03-18 15:05:06
Running from C:\Users\coldharbor1950\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4336 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4336 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.295 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0512.1812.30806 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.5801 - HRB Technology, LLC.)
H&R Block Wisconsin 2012 (HKLM-x32\...\{A9EFBFB8-A314-4F9F-83B6-A0932C62728D}) (Version: 1.12.4201 - HRB Technology, LLC.)
H&R Block Wisconsin 2013 (HKLM-x32\...\{586C0B83-75B3-42FD-8D5B-B81CC6E7EFC9}) (Version: 1.13.4001 - HRB Technology, LLC.)
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Masque IGT Slots Wolf Run (HKLM-x32\...\{7C0BF6E9-7021-46E4-87B3-4C4587256A22}) (Version: 1.0.3 - Masque Publishing)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
PrintMaster 2012 Platinum (HKLM-x32\...\5354-7805-5584-7014) (Version: 4.0.0.200 - Encore Software Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7121 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoboForm 7-9-5-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-5-7 - Siber Systems)
Serif PagePlus Starter Edition (HKLM-x32\...\{C349396B-D599-4F49-890C-4B663739E2CA}) (Version: 3.0.0.3 - Serif (Europe) Ltd)
Serif PagePlus: Poster Template Pack 1 (HKLM-x32\...\{561989D6-1BEE-452D-83FE-6E8AB80F341A}) (Version: 1.0.1.042 - Serif (Europe) Ltd)
Serif PhotoPlus 8.0 (HKLM-x32\...\{0F6D55D8-89AA-4C1D-BC4C-ACBBDE8BE57A}) (Version: - )
Serif PhotoPlus Association File Formats (HKLM-x32\...\{F8650CB3-89F1-4AE0-81AC-917423C58DB8}) (Version: - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.6.0 - Nikon)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Restore Points =========================

08-03-2014 06:00:15 Windows Backup
12-03-2014 20:17:48 Windows Update
12-03-2014 20:20:56 Windows Update
14-03-2014 08:00:24 Windows Update
15-03-2014 12:52:29 Windows Backup
15-03-2014 17:34:42 Restore Operation
15-03-2014 19:46:02 Windows Backup
15-03-2014 20:54:32 Windows Live Essentials
15-03-2014 20:55:17 WLSetup
18-03-2014 18:55:56 OTL Restore Point - 3/18/2014 1:55:53 PM

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-01-01 15:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {12012487-4520-4ED5-9DF4-B893A8B156F6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-387024861-1857405023-142887614-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {2B3C8B51-8C6C-4C18-8F28-F424F85A6F2A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {353CE0D9-2049-49A9-853D-65D24B54AC28} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {4E152986-4C08-4E49-955F-DA8695D0F7CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {6914A14E-3ED5-43DD-B107-F7ED62A2AF7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-02] (Google Inc.)
Task: {6DD38E4F-73BB-4318-A2A0-70D66288F9B9} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-12-18] (AVG)
Task: {70E896FE-5EF7-4047-A011-3108456F9C98} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {823643CA-D110-4171-BFB0-BB3401209CCA} - System32\Tasks\HP online update program => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {9050D9CF-7F72-47E0-9703-6B2F4C650959} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {9406294F-592E-4613-ABC6-B1E7046ADA2E} - System32\Tasks\HPCeeScheduleForcoldharbor1950 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {9E6397F1-769E-4BDC-8B47-CCC5D7550F29} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-387024861-1857405023-142887614-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {AB3455F7-763A-49FA-AFC5-F713E64C8A52} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {C15E4170-D91C-4ED5-A054-DF14FF27CD1A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15] (Adobe Systems Incorporated)
Task: {D9259BEB-EF06-4D5F-87DC-A7F267FA4F3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-02] (Google Inc.)
Task: {DD41F7B0-05C7-47AE-9F1D-F64AC6991CCB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F1E2FB07-561F-4198-8D5D-99C62CB53C0C} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {FBD534DC-0905-406A-80A8-0FBCCD280648} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-03-15] (Siber Systems)
Task: {FC1E7333-3415-4F61-9946-999DB5A71851} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\HPCeeScheduleForcoldharbor1950.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-11-11 21:28 - 2012-09-12 16:33 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2013-02-08 17:21 - 2012-04-26 16:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2013-10-08 10:34 - 2013-10-08 10:34 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-01-05 09:32 - 2011-12-08 17:53 - 08364288 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2011-06-08 16:57 - 2011-06-08 16:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2013-12-18 10:38 - 2013-12-18 10:38 - 00742200 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-01-05 09:32 - 2011-12-07 19:31 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2014-03-17 09:58 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-17 09:58 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-17 09:58 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-17 09:58 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-17 09:58 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-05 09:32 - 2011-09-13 17:57 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2014-01-05 09:32 - 2011-10-25 15:54 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\startupfolder: C:^Users^coldharbor1950^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: HP Deskjet 3050A J611 series (NET) => "c:\program files\hp\hp deskjet 3050a j611 series\bin\scantopcactivationapp.exe" -deviceid "cn29a6cp8s05pj:nw" -scfn "hp deskjet 3050a j611 series (net)" -autostart 1
MSCONFIG\startupreg: Windows Mobile-based device management => %WINDIR%\WindowsMobile\wmdcBase.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-01-01 14:36:33.274
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-01 14:36:32.666
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 3686.54 MB
Available physical RAM: 2400.02 MB
Total Pagefile: 7371.27 MB
Available Pagefile: 5850.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.07 GB) (Free:397.4 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.59 GB) (Free:2.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HR Block 2013) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5476193F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#10
krisinluck

Posted 18 March 2014 - 04:15 PM

Member

Topic Starter
Member
116 posts

The computer is a mess. I am able to be on Explorer - I updated to 11 - but only for maybe a half hour before it is so sluggish that I end up closing and rebooting, which helps for another hour or so. That is the usual for the last several days.

I reinstalled Chrome to see if it was behaving better. It's not. It tells me that my preferences are for a newer version of Chrome. I updated Chrome before all this started - I keep it current - and have uninstalled and reinstalled it. How could my preferences be for a newer version?

I downloaded Avast Free, in order to get rid of AVG. Also removed AVG PC Tune Up. Avast will not let me connect my computer to it, so that is a huge worry. I even reset the password. I get the following when attempting: "We could not connect to your account. Please try again later." Over and over again, even after rebooting. At this point, this is my biggest worry. If Avast isn't a good choice, please direct me to something else that isn't going to cost me a lot of money. I'm not selling on eBay for the fun of it.

I downloaded OTL from the .com site because it wouldn't download. Previously I have used G2G or Major Geeks.

I am endlessly thankful for your help!

#11
krisinluck

Posted 19 March 2014 - 06:55 AM

Member

Topic Starter
Member
116 posts

Morning update: I can get into Chrome now. I still have to close the multiple extra pages that alternate between my profile is for a more recent update and a simple "your profile cannot be loaded", but I am able to be on Chrome now.

Pogo is my take a break site - I can't do the crossword puzzles in Chrome as it says Java is not loaded on the site. It works fine in IE.

I'm going to check eBay and see if it will let me list without mangling the format like IE does.

And now I have McAfee trying to load in the Chrome Extensions.

#12
Crowbar

Posted 19 March 2014 - 08:12 AM

Teacher

GeekU Moderator
4,798 posts

Hello,
Before I go on let me say, You are Welcome! Thanks for your patience !

Avast is a good choice for an anti virus, but please hold off on making changes like that until we make some more headway, you are getting ahead of things by doing that.

Since you already removed AVG, let's run the AVG removal tool at this point, unless you already did so. Most AV products leave behind many "pieces" and most of them have a removal tool to get rid of these "pieces". Having multiple AV's can cause all kinds of havoc, so it's important to remove any remnants...

I am seeing that you have run Combofix sometime in the past, was this recent? If so, please post the combofix log file.

Step 1
Please download the AVG removal tool from here, saving it on your desktop.

Right click on the file and select Run as administrator
Make sure to let it remove all the user settings and the virus vault
It may want to reboot your computer more than once, please allow it to do so.

Step 2
And now for Chrome,
I see in your morning update that Chrome is now working, but not right. I would like to remove your Chrome profile, since it appears to be corrupted.
Please back up your bookmarks, you can do this by signing into Chrome. Google will sync your bookmarks, however I don't always trust that to happen so I would like you to do a manual backup of them.
Click on the Chrome menu and select Bookmarks > Bookmark Manager > Organize > Export bookmarks to HTML file
Now you can easily import them if Google does not do it for you.
Now we can remove the profile files, so please close Chrome and reboot your computer.
Click on the start button and paste this into the search box - %LOCALAPPDATA%\Google\Chrome\User Data\ then press enter.
In that folder I would like you to delete 2 files - web-data and Web Data-journal, just right click each one and select Delete.
Restart Chrome and tell me how it works now.

Step 3
Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

Put a checkmark beside loaded modules.

A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.

Click the Start Scan button.

The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.

If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the 64 bit version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.

In your next reply I would like to see:

AVG removal tool run?
TDSSKiller log file
New FRST log
Please tell me if things are running better after the TDSSKiller run, and how is Chrome doing now?

#13
krisinluck

Posted 19 March 2014 - 03:11 PM

Member

Topic Starter
Member
116 posts

AVG uninstaller run. Appears successful.

Chrome Bookmarks in HTML file.

Entering the %LOCALAPPDATA%\Google\Chrome\User Data did not give me the option of deleting the two files you mentioned. Here is what came up - list form since it won't allow me to paste it. (It copies fine - it just won't paste.) The capitalization is exact from what shows there.

Default
PepperFlash
SwiftShader
WidevineCDM
chrome_shutdown_ms
First Run
Safe Browsing Bloom
Safe Browsing Cookies-journal
Safe Browsing Csd Whitelist
Safe Browsing Download
Safe Browsing Download Whitelist
Safe Browsing Extention Blacklist
Safe Browsing IP Blacklist
Safe Browsing Side-Effect Free Whitelist Prefix Set

TDSS was a bit of a pain. It wanted to update and insisted on using Google. I uninstalled Google completely using C-Cleaner. Never did update, but it did run. The only thing it found as a threat was the Calendar Sync that came with my computer. Not sure why - even using IE it would not update. Report will be in next reply; all of this in once reply here was too long.

FRST Log is interesting to me, as SearchScopes is in place as a white list item.

Here is the Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by coldharbor1950 (administrator) on ICELAND on 19-03-2014 14:50:31
Running from C:\Users\coldharbor1950\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5G180B14
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-02-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-387024861-1857405023-142887614-1000\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-03-15] (Siber Systems)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {4F1149B4-DD36-468D-A3A7-B9D541595DEF} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - DefaultScope {71DB2072-787A-4596-A0E5-2E1030999197} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {71DB2072-787A-4596-A0E5-2E1030999197} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-11-25]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-12-07]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-19] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-15] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-19 14:31 - 2014-03-19 14:31 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-19 14:24 - 2014-03-19 14:27 - 00007235 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 14:21 - 2014-03-19 14:28 - 00000112 _____ () C:\Windows\setupact.log
2014-03-19 14:21 - 2014-03-19 14:21 - 00333712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 14:21 - 2014-03-19 14:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-19 14:14 - 2014-03-19 14:14 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\coldharbor1950\Downloads\tdsskiller.exe
2014-03-19 13:56 - 2014-03-19 13:56 - 00407789 _____ () C:\Users\coldharbor1950\Downloads\TDSS.htm
2014-03-19 13:35 - 2014-03-19 13:35 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\coldharbor1950\Desktop\tdsskiller.exe
2014-03-19 11:32 - 2014-03-19 11:32 - 00053843 _____ () C:\Users\coldharbor1950\Documents\bookmarks_3_19_14.html
2014-03-19 10:15 - 2014-03-19 11:27 - 00424787 _____ () C:\Users\coldharbor1950\Downloads\avgremover.log
2014-03-19 10:14 - 2014-03-19 10:14 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\coldharbor1950\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-03-18 20:28 - 2014-03-18 20:28 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-18 17:23 - 2014-03-18 17:23 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-18 16:10 - 2014-03-18 16:10 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-18 16:09 - 2014-03-18 16:09 - 00043152 _____ (AVAST Software) C:\Windows\ava3305.tmp
2014-03-18 16:09 - 2014-03-18 16:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-18 15:26 - 2014-03-18 15:26 - 00000000 ____D () C:\ProgramData\Google
2014-03-18 15:26 - 2014-03-18 15:26 - 00000000 ____D () C:\Program Files\Google
2014-03-18 14:53 - 2014-03-18 15:00 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\RK_Quarantine
2014-03-18 14:50 - 2014-03-18 14:50 - 03901952 _____ () C:\Users\coldharbor1950\Desktop\RogueKiller.exe
2014-03-18 14:21 - 2014-03-18 14:21 - 01037734 _____ (Thisisu) C:\Users\coldharbor1950\Downloads\JRT.exe
2014-03-18 14:21 - 2014-03-18 14:21 - 00001157 _____ () C:\Users\coldharbor1950\Desktop\JRT - Shortcut.lnk
2014-03-18 14:09 - 2014-03-18 14:09 - 01950720 _____ () C:\Users\coldharbor1950\Downloads\AdwCleaner.exe
2014-03-18 14:09 - 2014-03-18 14:09 - 00001230 _____ () C:\Users\coldharbor1950\Desktop\AdwCleaner - Shortcut.lnk
2014-03-18 14:01 - 2014-03-19 11:34 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\0318 Comp Repair
2014-03-18 13:55 - 2014-03-18 13:55 - 00000000 ____D () C:\_OTL
2014-03-18 12:36 - 2014-03-18 12:36 - 00005633 _____ () C:\Users\coldharbor1950\Documents\CompFix 031814.txt
2014-03-18 10:42 - 2014-03-18 10:42 - 00156902 _____ () C:\Users\coldharbor1950\Downloads\OTL 0318 Safe Mode.txt
2014-03-18 10:01 - 2014-03-18 10:01 - 00000382 _____ () C:\Users\coldharbor1950\Documents\cc_20140318_100102.reg
2014-03-18 08:41 - 2014-03-18 08:41 - 00160168 _____ () C:\Users\coldharbor1950\Downloads\OTL 0318.txt
2014-03-18 08:13 - 2014-03-18 08:13 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Downloads\OTL (1).com
2014-03-18 08:09 - 2014-03-18 08:09 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Desktop\OTL.com
2014-03-17 09:59 - 2014-03-17 09:59 - 00001341 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-17 09:44 - 2014-03-18 10:21 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-17 09:44 - 2014-03-17 09:44 - 00001041 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-03-17 09:44 - 2014-03-17 09:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-17 09:44 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-03-17 09:40 - 2014-03-17 09:40 - 04095448 _____ (BrightFort LLC ) C:\Users\coldharbor1950\Downloads\spywareblastersetup50.exe
2014-03-16 13:52 - 2014-03-16 13:52 - 00000968 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_135229.reg
2014-03-16 11:40 - 2014-03-18 16:41 - 00000977 _____ () C:\Users\coldharbor1950\Desktop\CCleaner.lnk
2014-03-16 11:40 - 2014-03-16 11:40 - 00002790 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-16 11:40 - 2014-03-16 11:40 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-03-16 11:40 - 2014-03-16 11:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-16 08:07 - 2014-03-16 08:07 - 00006528 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_080703.reg
2014-03-16 08:06 - 2014-03-16 08:06 - 00052550 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_080611.reg
2014-03-15 19:15 - 2014-03-15 19:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-15 19:14 - 2014-03-15 19:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-15 19:12 - 2014-03-15 19:12 - 00921000 _____ (Oracle Corporation) C:\Users\coldharbor1950\Downloads\chromeinstall-7u51 (2).exe
2014-03-15 16:09 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-15 16:09 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-15 16:09 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-15 16:09 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-15 16:09 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-15 16:09 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-15 16:09 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-15 16:09 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-15 16:09 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-15 16:09 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-15 16:09 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-15 16:09 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-15 16:08 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-15 16:08 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-15 16:08 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-15 16:08 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-15 16:08 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-15 16:08 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-15 16:08 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-15 16:08 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-15 16:08 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-15 16:08 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-15 16:08 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-15 16:08 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-15 16:08 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-15 16:08 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-15 16:08 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-15 16:08 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-15 16:08 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-15 16:08 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-15 16:08 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-15 16:08 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-15 16:08 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-15 16:08 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-15 16:08 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-15 16:08 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-15 16:08 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-15 16:08 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-15 16:08 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-15 16:08 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-15 16:08 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-15 16:08 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-15 16:08 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-15 16:08 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-15 16:06 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-15 16:06 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-15 16:05 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-15 16:05 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-15 15:40 - 2014-03-15 15:40 - 14805000 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup-cnetc (1).exe
2014-03-15 09:17 - 2014-03-15 13:33 - 00000000 ____D () C:\Users\coldharbor1950\Downloads\mbam-chameleon-1.62.1.1000
2014-03-15 09:16 - 2014-03-15 09:16 - 01440846 _____ () C:\Users\coldharbor1950\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-03-15 08:36 - 2014-03-15 08:36 - 00071630 _____ () C:\Users\coldharbor1950\Downloads\Extras.Txt
2014-03-15 08:35 - 2014-03-18 10:41 - 00156902 _____ () C:\Users\coldharbor1950\Downloads\OTL.Txt
2014-03-14 13:30 - 2014-03-14 13:30 - 00003139 _____ () C:\Users\coldharbor1950\Documents\Google Redirect.txt
2014-03-13 21:25 - 2014-03-13 21:25 - 00020106 _____ () C:\Users\coldharbor1950\Documents\startup.txt
2014-03-13 19:31 - 2014-03-13 19:31 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\VS Revo Group
2014-03-13 14:21 - 2014-03-13 14:21 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-03-12 09:41 - 2014-03-12 09:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 09:41 - 2014-03-12 09:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-10 10:53 - 2014-03-11 20:26 - 00018052 _____ () C:\Users\coldharbor1950\Documents\eBay.odt
2014-03-10 10:08 - 2014-01-12 11:52 - 00011070 _____ () C:\Users\coldharbor1950\Documents\untitled_1.odt
2014-02-27 15:27 - 2014-02-27 15:27 - 14827320 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup (2).exe
2014-02-25 21:16 - 2014-02-25 21:19 - 78353784 _____ (AVG) C:\Users\coldharbor1950\Downloads\avg_tuh_stf_all_2014_295.exe
2014-02-24 14:25 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-24 14:25 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-24 14:25 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-24 14:25 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-24 14:24 - 2014-03-18 16:38 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-02-24 14:24 - 2014-03-18 12:51 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-24 14:03 - 2014-03-15 13:30 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\AVG
2014-02-24 14:01 - 2014-03-15 13:30 - 00000000 ____D () C:\ProgramData\AVG
2014-02-24 14:01 - 2014-02-24 14:24 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-24 13:58 - 2014-02-24 14:00 - 78353832 _____ (AVG) C:\Users\coldharbor1950\Downloads\avg_tuh_stf_all_2014_295_24c28.exe
2014-02-23 11:51 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-23 11:51 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-23 11:51 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-23 11:51 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-23 11:51 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-23 11:51 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-23 11:51 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-23 11:51 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-23 11:51 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-23 11:51 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-23 11:51 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-23 11:51 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-23 11:51 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-23 11:51 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-23 11:51 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-23 11:51 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-23 11:51 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-23 11:51 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-23 11:50 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-23 11:50 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-23 11:50 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-23 11:50 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-23 11:50 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-23 11:50 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-23 11:48 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 11:48 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-22 12:18 - 2014-03-09 12:24 - 00001514 _____ () C:\Users\coldharbor1950\Documents\eBay Civil War.txt
2014-02-22 10:11 - 2014-02-22 10:11 - 00847856 _____ (Google Inc.) C:\Users\coldharbor1950\Downloads\ChromeSetup.exe
2014-02-21 18:52 - 2014-02-21 18:52 - 15530400 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup (1).exe
2014-02-20 18:51 - 2014-02-20 18:51 - 00001991 _____ () C:\Users\Public\Desktop\H&R Block 2013.lnk
2014-02-20 18:48 - 2014-03-15 13:29 - 00000000 ____D () C:\Program Files (x86)\HRBlock2013
2014-02-20 13:51 - 2014-02-20 13:52 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\2013 Taxes
2014-02-20 13:47 - 2014-02-20 13:49 - 03830677 _____ () C:\Users\coldharbor1950\Downloads\w2.zip
2014-02-19 20:20 - 2014-03-15 13:28 - 00000000 ____D () C:\DrvInstall
2014-02-19 20:20 - 2014-02-19 20:20 - 43720192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-02-19 20:20 - 2014-02-19 20:20 - 03791320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-02-19 20:20 - 2014-02-19 20:20 - 02782936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-02-19 20:20 - 2014-02-19 20:20 - 00704269 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-02-19 20:20 - 2014-02-19 20:20 - 00154840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll

==================== One Month Modified Files and Folders =======

2014-03-19 14:50 - 2014-01-07 13:49 - 00000000 ____D () C:\FRST
2014-03-19 14:36 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 14:36 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 14:36 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 14:32 - 2014-03-19 14:24 - 00007235 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 14:31 - 2014-03-19 14:31 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-19 14:29 - 2014-01-05 19:57 - 00000000 ____D () C:\ProgramData\PDFC
2014-03-19 14:28 - 2014-03-19 14:21 - 00000112 _____ () C:\Windows\setupact.log
2014-03-19 14:28 - 2012-11-02 22:25 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 14:28 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-19 14:22 - 2014-01-17 08:28 - 00047104 ___SH () C:\Users\coldharbor1950\Desktop\Thumbs.db
2014-03-19 14:21 - 2014-03-19 14:21 - 00333712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 14:21 - 2014-03-19 14:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-19 14:14 - 2014-03-19 14:14 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\coldharbor1950\Downloads\tdsskiller.exe
2014-03-19 14:11 - 2013-06-20 09:31 - 00000000 ____D () C:\Windows\pss
2014-03-19 14:07 - 2012-10-11 17:19 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\Google
2014-03-19 14:07 - 2012-10-11 17:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-19 14:00 - 2012-06-09 14:14 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{97A3A84A-CC66-4D5F-A3C7-2DF30115F961}
2014-03-19 13:56 - 2014-03-19 13:56 - 00407789 _____ () C:\Users\coldharbor1950\Downloads\TDSS.htm
2014-03-19 13:35 - 2014-03-19 13:35 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\coldharbor1950\Desktop\tdsskiller.exe
2014-03-19 13:11 - 2012-11-02 22:25 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 13:04 - 2012-12-28 23:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-19 11:34 - 2014-03-18 14:01 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\0318 Comp Repair
2014-03-19 11:32 - 2014-03-19 11:32 - 00053843 _____ () C:\Users\coldharbor1950\Documents\bookmarks_3_19_14.html
2014-03-19 11:27 - 2014-03-19 10:15 - 00424787 _____ () C:\Users\coldharbor1950\Downloads\avgremover.log
2014-03-19 10:16 - 2013-12-14 22:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-19 10:14 - 2014-03-19 10:14 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\coldharbor1950\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-03-18 20:37 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 20:33 - 2012-10-19 05:00 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 20:28 - 2014-03-18 20:28 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-18 17:23 - 2014-03-18 17:23 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-18 17:23 - 2013-03-06 09:13 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Local\Adobe
2014-03-18 17:23 - 2012-12-28 23:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-18 17:23 - 2012-10-24 21:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-18 17:23 - 2012-01-18 17:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-18 16:41 - 2014-03-16 11:40 - 00000977 _____ () C:\Users\coldharbor1950\Desktop\CCleaner.lnk
2014-03-18 16:38 - 2014-02-24 14:24 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-03-18 16:10 - 2014-03-18 16:10 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-18 16:10 - 2012-10-15 23:53 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-18 16:09 - 2014-03-18 16:09 - 00043152 _____ (AVAST Software) C:\Windows\ava3305.tmp
2014-03-18 16:09 - 2014-03-18 16:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-18 16:07 - 2012-10-15 23:52 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-18 15:30 - 2012-10-11 17:17 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Local\Deployment
2014-03-18 15:29 - 2012-10-11 17:17 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\Apps\2.0
2014-03-18 15:26 - 2014-03-18 15:26 - 00000000 ____D () C:\ProgramData\Google
2014-03-18 15:26 - 2014-03-18 15:26 - 00000000 ____D () C:\Program Files\Google
2014-03-18 15:00 - 2014-03-18 14:53 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\RK_Quarantine
2014-03-18 14:50 - 2014-03-18 14:50 - 03901952 _____ () C:\Users\coldharbor1950\Desktop\RogueKiller.exe
2014-03-18 14:21 - 2014-03-18 14:21 - 01037734 _____ (Thisisu) C:\Users\coldharbor1950\Downloads\JRT.exe
2014-03-18 14:21 - 2014-03-18 14:21 - 00001157 _____ () C:\Users\coldharbor1950\Desktop\JRT - Shortcut.lnk
2014-03-18 14:15 - 2013-12-17 17:09 - 00000000 ____D () C:\AdwCleaner
2014-03-18 14:09 - 2014-03-18 14:09 - 01950720 _____ () C:\Users\coldharbor1950\Downloads\AdwCleaner.exe
2014-03-18 14:09 - 2014-03-18 14:09 - 00001230 _____ () C:\Users\coldharbor1950\Desktop\AdwCleaner - Shortcut.lnk
2014-03-18 13:55 - 2014-03-18 13:55 - 00000000 ____D () C:\_OTL
2014-03-18 12:51 - 2014-02-24 14:24 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-03-18 12:36 - 2014-03-18 12:36 - 00005633 _____ () C:\Users\coldharbor1950\Documents\CompFix 031814.txt
2014-03-18 12:17 - 2012-11-02 22:25 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-18 12:17 - 2012-11-02 22:25 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-18 10:42 - 2014-03-18 10:42 - 00156902 _____ () C:\Users\coldharbor1950\Downloads\OTL 0318 Safe Mode.txt
2014-03-18 10:41 - 2014-03-15 08:35 - 00156902 _____ () C:\Users\coldharbor1950\Downloads\OTL.Txt
2014-03-18 10:21 - 2014-03-17 09:44 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-18 10:09 - 2014-01-01 13:25 - 00003182 _____ () C:\Windows\System32\Tasks\{F876F0D1-9074-4454-9507-B66E6F1F41E7}
2014-03-18 10:08 - 2013-10-10 06:57 - 00003242 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-387024861-1857405023-142887614-1000
2014-03-18 10:01 - 2014-03-18 10:01 - 00000382 _____ () C:\Users\coldharbor1950\Documents\cc_20140318_100102.reg
2014-03-18 08:41 - 2014-03-18 08:41 - 00160168 _____ () C:\Users\coldharbor1950\Downloads\OTL 0318.txt
2014-03-18 08:13 - 2014-03-18 08:13 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Downloads\OTL (1).com
2014-03-18 08:09 - 2014-03-18 08:09 - 00602112 _____ (OldTimer Tools) C:\Users\coldharbor1950\Desktop\OTL.com
2014-03-18 07:20 - 2013-12-31 14:06 - 00003356 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-387024861-1857405023-142887614-1000
2014-03-17 22:50 - 2013-05-30 14:32 - 00000000 ____D () C:\JRT
2014-03-17 18:51 - 2013-05-30 13:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-17 10:02 - 2013-05-30 13:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-17 09:59 - 2014-03-17 09:59 - 00001341 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-17 09:44 - 2014-03-17 09:44 - 00001041 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-03-17 09:44 - 2014-03-17 09:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-17 09:40 - 2014-03-17 09:40 - 04095448 _____ (BrightFort LLC ) C:\Users\coldharbor1950\Downloads\spywareblastersetup50.exe
2014-03-16 13:52 - 2014-03-16 13:52 - 00000968 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_135229.reg
2014-03-16 11:40 - 2014-03-16 11:40 - 00002790 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-16 11:40 - 2014-03-16 11:40 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-03-16 11:40 - 2014-03-16 11:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-16 08:07 - 2014-03-16 08:07 - 00006528 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_080703.reg
2014-03-16 08:06 - 2014-03-16 08:06 - 00052550 _____ () C:\Users\coldharbor1950\Documents\cc_20140316_080611.reg
2014-03-16 03:25 - 2013-12-10 10:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 03:25 - 2013-12-10 10:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 19:15 - 2014-01-18 18:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-15 19:14 - 2014-03-15 19:15 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-15 19:14 - 2014-03-15 19:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-15 19:14 - 2014-03-15 19:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-15 19:12 - 2014-03-15 19:12 - 00921000 _____ (Oracle Corporation) C:\Users\coldharbor1950\Downloads\chromeinstall-7u51 (2).exe
2014-03-15 15:56 - 2012-01-18 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-15 15:43 - 2012-10-22 10:25 - 00004248 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm
2014-03-15 15:43 - 2012-10-22 10:25 - 00003508 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2014-03-15 15:40 - 2014-03-15 15:40 - 14805000 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup-cnetc (1).exe
2014-03-15 14:38 - 2012-06-09 14:07 - 00000000 ____D () C:\Users\coldharbor1950
2014-03-15 14:35 - 2013-12-17 22:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-15 14:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-03-15 13:33 - 2014-03-15 09:17 - 00000000 ____D () C:\Users\coldharbor1950\Downloads\mbam-chameleon-1.62.1.1000
2014-03-15 13:33 - 2013-11-19 21:22 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-15 13:33 - 2013-02-08 17:21 - 00000000 ____D () C:\ProgramData\pdf995
2014-03-15 13:33 - 2012-12-07 10:45 - 00000000 ____D () C:\Program Files (x86)\Real
2014-03-15 13:33 - 2012-11-09 22:49 - 00000000 ____D () C:\ProgramData\IObit
2014-03-15 13:33 - 2012-10-12 15:52 - 00000000 ____D () C:\Windows\WindowsMobile
2014-03-15 13:33 - 2012-01-18 17:30 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-03-15 13:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-15 13:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-03-15 13:30 - 2014-02-24 14:03 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\AVG
2014-03-15 13:30 - 2014-02-24 14:01 - 00000000 ____D () C:\ProgramData\AVG
2014-03-15 13:30 - 2014-02-14 21:56 - 00000000 ____D () C:\Program Files\Java
2014-03-15 13:30 - 2012-12-07 10:45 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\Real
2014-03-15 13:30 - 2012-12-07 10:43 - 00000000 ____D () C:\ProgramData\Real
2014-03-15 13:30 - 2012-10-30 03:03 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\Skype
2014-03-15 13:29 - 2014-02-20 18:48 - 00000000 ____D () C:\Program Files (x86)\HRBlock2013
2014-03-15 13:28 - 2014-02-19 20:20 - 00000000 ____D () C:\DrvInstall
2014-03-15 09:16 - 2014-03-15 09:16 - 01440846 _____ () C:\Users\coldharbor1950\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-03-15 08:36 - 2014-03-15 08:36 - 00071630 _____ () C:\Users\coldharbor1950\Downloads\Extras.Txt
2014-03-14 18:39 - 2012-10-20 18:10 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Local\CrashDumps
2014-03-14 13:30 - 2014-03-14 13:30 - 00003139 _____ () C:\Users\coldharbor1950\Documents\Google Redirect.txt
2014-03-13 21:25 - 2014-03-13 21:25 - 00020106 _____ () C:\Users\coldharbor1950\Documents\startup.txt
2014-03-13 19:31 - 2014-03-13 19:31 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\VS Revo Group
2014-03-13 14:21 - 2014-03-13 14:21 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-03-12 09:41 - 2014-03-12 09:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 09:41 - 2014-03-12 09:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-11 20:26 - 2014-03-10 10:53 - 00018052 _____ () C:\Users\coldharbor1950\Documents\eBay.odt
2014-03-09 19:26 - 2013-01-05 11:35 - 00000000 ___HD () C:\Users\coldharbor1950\Documents\HRBlock
2014-03-09 12:24 - 2014-02-22 12:18 - 00001514 _____ () C:\Users\coldharbor1950\Documents\eBay Civil War.txt
2014-03-01 01:05 - 2014-03-15 16:08 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:17 - 2014-03-15 16:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:16 - 2014-03-15 16:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 23:58 - 2014-03-15 16:09 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:52 - 2014-03-15 16:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 23:51 - 2014-03-15 16:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 23:42 - 2014-03-15 16:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 23:40 - 2014-03-15 16:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 23:37 - 2014-03-15 16:08 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 23:33 - 2014-03-15 16:08 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 23:33 - 2014-03-15 16:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 23:32 - 2014-03-15 16:08 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 23:30 - 2014-03-15 16:09 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 23:23 - 2014-03-15 16:08 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 23:17 - 2014-03-15 16:08 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:11 - 2014-03-15 16:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 23:02 - 2014-03-15 16:08 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 22:54 - 2014-03-15 16:08 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 22:52 - 2014-03-15 16:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 22:51 - 2014-03-15 16:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 22:47 - 2014-03-15 16:09 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 22:43 - 2014-03-15 16:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 22:43 - 2014-03-15 16:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 22:42 - 2014-03-15 16:08 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 22:40 - 2014-03-15 16:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 22:38 - 2014-03-15 16:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 22:37 - 2014-03-15 16:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 22:35 - 2014-03-15 16:08 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 22:18 - 2014-03-15 16:08 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:16 - 2014-03-15 16:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 22:14 - 2014-03-15 16:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 22:10 - 2014-03-15 16:08 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:03 - 2014-03-15 16:09 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 22:00 - 2014-03-15 16:08 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 21:57 - 2014-03-15 16:08 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 21:38 - 2014-03-15 16:08 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 21:32 - 2014-03-15 16:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 21:27 - 2014-03-15 16:09 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 21:25 - 2014-03-15 16:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 21:25 - 2014-03-15 16:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 15:27 - 2014-02-27 15:27 - 14827320 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup (2).exe
2014-02-25 21:25 - 2013-12-14 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-25 21:19 - 2014-02-25 21:16 - 78353784 _____ (AVG) C:\Users\coldharbor1950\Downloads\avg_tuh_stf_all_2014_295.exe
2014-02-24 14:24 - 2014-02-24 14:01 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-24 14:24 - 2012-12-28 21:07 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Local\Downloaded Installations
2014-02-24 14:24 - 2012-11-19 20:03 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Roaming\hpqLog
2014-02-24 14:24 - 2012-11-19 20:03 - 00000000 ____D () C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-02-24 14:24 - 2012-06-10 14:41 - 00000000 ___HD () C:\Users\coldharbor1950\AppData\Roaming\HpUpdate
2014-02-24 14:04 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-02-24 14:00 - 2014-02-24 13:58 - 78353832 _____ (AVG) C:\Users\coldharbor1950\Downloads\avg_tuh_stf_all_2014_295_24c28.exe
2014-02-23 11:53 - 2011-02-11 12:15 - 00775546 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-22 10:11 - 2014-02-22 10:11 - 00847856 _____ (Google Inc.) C:\Users\coldharbor1950\Downloads\ChromeSetup.exe
2014-02-21 18:52 - 2014-02-21 18:52 - 15530400 _____ (Siber Systems) C:\Users\coldharbor1950\Downloads\RoboForm-Setup (1).exe
2014-02-20 18:51 - 2014-02-20 18:51 - 00001991 _____ () C:\Users\Public\Desktop\H&R Block 2013.lnk
2014-02-20 18:51 - 2013-01-05 11:37 - 00000000 ____D () C:\Users\coldharbor1950\AppData\Roaming\TaxCut
2014-02-20 18:46 - 2013-01-05 11:32 - 00000000 ____D () C:\ProgramData\TaxCut
2014-02-20 13:52 - 2014-02-20 13:51 - 00000000 ____D () C:\Users\coldharbor1950\Desktop\2013 Taxes
2014-02-20 13:49 - 2014-02-20 13:47 - 03830677 _____ () C:\Users\coldharbor1950\Downloads\w2.zip
2014-02-20 02:07 - 2012-12-19 20:08 - 00003240 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForcoldharbor1950
2014-02-20 02:07 - 2012-12-19 20:08 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForcoldharbor1950.job
2014-02-19 20:22 - 2012-01-18 16:59 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-02-19 20:20 - 2014-02-19 20:20 - 43720192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-02-19 20:20 - 2014-02-19 20:20 - 03791320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-02-19 20:20 - 2014-02-19 20:20 - 02782936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-02-19 20:20 - 2014-02-19 20:20 - 00704269 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-02-19 20:20 - 2014-02-19 20:20 - 00154840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll

Some content of TEMP:
====================
C:\Users\coldharbor1950\AppData\Local\Temp\123B96B2-D60A-4455-AC95-9F16D72A3EFD.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 00:20

#14
Crowbar

Posted 20 March 2014 - 05:51 AM

Teacher

GeekU Moderator
4,798 posts

Ok,
Lets try deleting those files again, I made a small error in that path, should have been in double quotes. Sorry about that....
I am going to copy my previous instructions for that and paste below so you can find it easily, please try it one more time and see if that works better.

I think you are confusing the term SearchScopes in these log files. It's referring to the search engines that your browser uses when it does a search for you.
Your Internet Explorer SearchScopes are:

Amazon.com
Ebay.com
Google.com

they are all are legit, so that's one thing less for you to worry about.

TDSS was a bit of a pain. It wanted to update and insisted on using Google.

I assume that you mean Google Chrome here, it's ok if TDSSKiller didn't update

I uninstalled Google completely using C-Cleaner.

Again, assuming you are talking about Chrome here. I don't think that ccleaner has a tool to uninstall a program. Again, if you are using the registry cleaner part of ccleaner, that's bad. All registry "cleaners", "bosters", "optimizers" have the potential to seriously damage your operating system, and I encourage you *not* to use them, at least while we are working on your computer.
From my welcome speech:

Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

I really do need to see that TDSSKiller log before I can procede, but we can move ahead with Chrome.
Please look for it in the root directory of your c: drive (c:\) it should be called "TDSSKiller.[Version]_[Date]_[Time]_log.txt".

Here are my modified instructions from earlier:

Now we can remove the profile files, so please close Chrome and reboot your computer.
Click on the start button and paste this into the search box (including the double quotes) - "%LOCALAPPDATA%\Google\Chrome\User Data\" then press enter.
In that folder I would like you to delete 2 files - web-data and Web Data-journal, just right click each one and select Delete.
Restart Chrome and tell me how it works now.

and finally, please do the following for me:

Download attached fixlist.txt file and save it to the Desktop, which is where FRST should be located.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

In your next reply I would like to see:

Fixlog.txt
How is Chrome doing if you were able to delete those 2 files
TDSSKiller log file

Attached Files

fixlist.txt 749bytes 210 downloads

#15
krisinluck

Posted 20 March 2014 - 08:50 AM

Member

Topic Starter
Member
116 posts

The TDSS log will not post as a whole. It is attached here.

C-Cleaner does have an uninstall program; it is found under the Tools on the far left.

I promise you I have not done anything with the registry clean up since we began. Google is working great now - opens the right pages and all of my profile is working well again. It's a bit sluggish, but nothing like before.

Now off to follow the directions you gave me.