More problems with malware in Chrome


#46 RKinner (Malware Expert, 24,711 posts, MVP)

No problem.  Life comes first. 


#47 krisinluck (Topic Starter, Member, 116 posts)


I'm home now.  Have some paperwork to enter, but I'll be around.  


#48 RKinner

Let's see if cleaning up the hosts file will help with the DNS caching error.

 

You may want to copy your current hosts file in case it has no effect so you can put it back.  It's located at c:\windows\system32\drivers\etc\hosts but it's a bear to work with in Win 7.  You usually have to change the owner to make changes.

 

Download HostsXpert from http://www.funkytoad.../HostsXpert.zip.  Save the file then right click and Extract All.  It will create a new folder in the same place.  In the folder find HostsXpert.exe and right click on it and Run As Administrator.
 
It will take a few seconds to appear.  If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only?  If it already says Make Read Only? that's OK; just go on to the next step.
Now click on the left column entry that says: Restore MSHosts file.  Click on the Make Read Only? entry, then close HostsXpert.  
 
Now let's do a disk check and then look at the errors to see if it helped.
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
In any event do the next step:
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning
5. Under 'Number of events', click the radio button for 'Number of events' and type 20 in the 1 to 20 box.
6. Click the Run button. Notepad will open with the output log.
 
Please post the Output log in your next reply, then repeat but select Application.

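The hosts-file review, CBS-log filter and event query that the post above walks through by hand, as an added PowerShell example (not from the thread, HostsXpert or VEW). It assumes Windows PowerShell 3.0 or later on Windows 7, run from an elevated prompt; the list of site names used to flag hosts entries is my own heuristic, not something the post states.

```powershell
# Added example (not from the thread): audit the hosts file and pull the newest
# Error/Warning events, the same things the HostsXpert and VEW steps do by hand.
# Assumes Windows PowerShell 3.0 or later, run from an elevated prompt.

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsEntries {
    param([string]$Path = $HostsPath)
    # Parse the hosts file, skipping blank lines and comments. Each active line is
    # "<address> <name> [<name> ...]"; the stock Windows 7 file has no active lines,
    # so anything returned here was added by an installer, an admin, or malware.
    foreach ($line in Get-Content -Path $Path -ErrorAction Stop) {
        $text = ($line -split '#', 2)[0].Trim()
        if ($text -eq '') { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            [pscustomobject]@{ Address = $parts[0]; HostName = $name }
        }
    }
}

function Test-HostsEntry {
    param([pscustomobject]$Entry)
    # Classify one entry. localhost -> loopback is the only mapping Windows needs.
    # A security-vendor or update site pointed anywhere (heuristic list, my assumption)
    # is the classic sign of a hosts hijack; other loopback/0.0.0.0 lines silently
    # block a site, and anything else redirects it to another address.
    $loopback = $Entry.Address -in @('127.0.0.1', '::1')
    if ($loopback -and $Entry.HostName -in @('localhost', 'localhost.localdomain')) {
        return 'default'
    }
    if ($Entry.HostName -match 'microsoft|windowsupdate|google|symantec|mcafee|eset|avast|kaspersky') {
        return 'SUSPICIOUS: security/update site'
    }
    if ($loopback -or $Entry.Address -eq '0.0.0.0') { return 'blocked site' }
    return 'redirect'
}

function Backup-HostsFile {
    # Step 1 of the post: keep a copy so the file can be put back if the reset does not help.
    $backup = "$HostsPath.bak-$(Get-Date -Format yyyyMMdd-HHmmss)"
    Copy-Item -Path $HostsPath -Destination $backup -ErrorAction Stop
    return $backup
}

function Get-SfcRepairLines {
    # The findstr /c:"[SR]" step: pull System File Checker's own lines out of CBS.log.
    $cbs = Join-Path $env:SystemRoot 'Logs\CBS\CBS.log'
    Select-String -Path $cbs -SimpleMatch '[SR]' | ForEach-Object { $_.Line }
}

function Get-RecentProblemEvents {
    param([string[]]$LogName = @('System', 'Application'), [int]$MaxEvents = 20)
    # Same query VEW runs: the newest Error (level 2) and Warning (level 3) events per log.
    foreach ($log in $LogName) {
        Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
            Select-Object @{n='Log';e={$log}}, TimeCreated, LevelDisplayName, Id, ProviderName,
                          @{n='Message';e={ ($_.Message -split "`r?`n")[0] }}
    }
}

# --- run the audit ---
"Hosts file: $HostsPath (backup written to $(Backup-HostsFile))"
$entries = @(Get-HostsEntries)
if ($entries.Count -eq 0) {
    'No active hosts entries: the file is already at the Microsoft default.'
} else {
    $entries | ForEach-Object {
        [pscustomobject]@{ Address = $_.Address; HostName = $_.HostName; Verdict = Test-HostsEntry $_ }
    } | Format-Table -AutoSize
}
# SFC writes "Cannot repair member file" lines to CBS.log when it could not fix everything.
$unrepaired = @(Get-SfcRepairLines | Where-Object { $_ -match 'Cannot repair' })
"SFC lines reporting an unrepaired file: $($unrepaired.Count)"
Get-RecentProblemEvents | Format-Table -AutoSize -Wrap
```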
#49 krisinluck


Link to FunkyToad does not work.  I get the following:

 

Not Found

The requested URL /download/HostsXpert.zip was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

 

There are links to a same named file in a search, but I don't want to download from anywhere it isn't safe.  I've got enough trouble already.


#50 RKinner

Try http://www.majorgeek...hostsxpert.html


#51 krisinluck


Okay.  It's downloaded.

 

Here's the problem:  When I click on Restore MS Hosts File, a small window opens in the middle of the page that says

 

Press Okay to restore Microsofts original Hosts File

 

with the options "Okay" and "Cancel" at the bottom of it.  

 

I tried ignoring that and clicking Make Read Only? but it does nothing with that small box open.  

 

Any ideas?


#52 RKinner

Yes.  You need to Press Okay to restore Microsofts original Hosts File

 

If it doesn't work make sure you started it by right clicking and Run As Admin.


#53 krisinluck


Okay.  I will run the disk check as I am leaving to help out a friend in her restaurant tonight.  I'll finish it up when I get home - should be around 10 pm Central time.  


#54 krisinluck


I haven't abandoned this at all -- things have been a little crazy.  It's that Life Comes First thing.  I'm going to try to finish this up this evening.  


#55 RKinner

No problem.  I do not keep track.


#56 krisinluck


I just didn't want you to close this.  

 

sfc  /scannow ran beautifully.  

 

 

 

VEW System Log:

 

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 20/04/2014 11:24:21 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/04/2014 4:13:18 PM
Type: Error Category: 0
Event: 877 Source: Application Popup
There was error [DATABASE OPEN FAILED] processing the driver database.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/04/2014 4:13:18 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\vwifibus failed to load for the device USB\VID_0846&PID_9020\113.
 
Log: 'System' Date/Time: 20/04/2014 2:36:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 20/04/2014 2:36:06 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
 
VEW Application Log:
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/04/2014 11:25:53 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/04/2014 5:35:38 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 19/04/2014 5:35:35 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 18/04/2014 4:08:55 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process id: 0x138c Faulting application start time: 0x01cf5b207bccb188 Faulting application path: C:\Windows\SysWOW64\DllHost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: bcfeaf74-c713-11e3-8ea3-e840f258bf53
 
Log: 'Application' Date/Time: 18/04/2014 5:35:43 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 17/04/2014 5:36:01 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 16/04/2014 10:39:17 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting process id: 0x174c Faulting application start time: 0x01cf59c4b31e1964 Faulting application path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: f13b51b4-c5b7-11e3-acd9-e840f258bf53
 
Log: 'Application' Date/Time: 16/04/2014 10:37:42 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting process id: 0x1698 Faulting application start time: 0x01cf59c4779ab33f Faulting application path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: b859a25c-c5b7-11e3-acd9-e840f258bf53
 
Log: 'Application' Date/Time: 16/04/2014 5:36:05 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 15/04/2014 5:36:06 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 14/04/2014 5:24:24 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 13/04/2014 5:35:58 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 12/04/2014 9:30:47 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: wmplayer.exe, version: 12.0.7601.18150, time stamp: 0x518c6df8 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process id: 0x1680 Faulting application start time: 0x01cf569670edc9f0 Faulting application path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: b5b24ad0-c289-11e3-88c4-e840f258bf53
 
Log: 'Application' Date/Time: 12/04/2014 9:27:21 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: wmplayer.exe, version: 12.0.7601.18150, time stamp: 0x518c6df8 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process id: 0x938 Faulting application start time: 0x01cf5695f70f1add Faulting application path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 3aff31a1-c289-11e3-88c4-e840f258bf53
 
Log: 'Application' Date/Time: 12/04/2014 9:25:33 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: wmplayer.exe, version: 12.0.7601.18150, time stamp: 0x518c6df8 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process id: 0x164c Faulting application start time: 0x01cf5695ae01c769 Faulting application path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: fa9e7430-c288-11e3-88c4-e840f258bf53
 
Log: 'Application' Date/Time: 12/04/2014 5:36:03 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 11/04/2014 8:17:31 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting process id: 0x1314 Faulting application start time: 0x01cf55c310ce3501 Faulting application path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 4f3129e5-c1b6-11e3-9435-e840f258bf53
 
Log: 'Application' Date/Time: 11/04/2014 8:17:16 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting process id: 0x10d0 Faulting application start time: 0x01cf55c3058b5a0a Faulting application path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 45e9ff4e-c1b6-11e3-9435-e840f258bf53
 
Log: 'Application' Date/Time: 11/04/2014 3:31:04 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: services.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc10e Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000005 Fault offset: 0x0000000000020a7a Faulting process id: 0x23c Faulting application start time: 0x01cf558aef83f5ad Faulting application path: C:\Windows\system32\services.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 4a73d5dd-c18e-11e3-9acb-e840f258bf53
 
Log: 'Application' Date/Time: 11/04/2014 1:46:06 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting process id: 0xe74 Faulting application start time: 0x01cf558c627e45c7 Faulting application path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: a0f062de-c17f-11e3-9acb-e840f258bf53
 
Log: 'Application' Date/Time: 11/04/2014 1:45:53 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting process id: 0x408 Faulting application start time: 0x01cf558c59eec282 Faulting application path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 98d321a6-c17f-11e3-9acb-e840f258bf53
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/04/2014 4:13:58 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=1A8}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 20/04/2014 4:13:49 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=1A8}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 20/04/2014 2:36:00 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-387024861-1857405023-142887614-1000:
Process 660 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-387024861-1857405023-142887614-1000
 
 
Log: 'Application' Date/Time: 20/04/2014 1:57:28 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=9D0}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 20/04/2014 1:57:20 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=9D0}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 20/04/2014 1:56:11 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-387024861-1857405023-142887614-1000:
Process 664 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-387024861-1857405023-142887614-1000
 
 
Log: 'Application' Date/Time: 20/04/2014 5:00:02 AM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 20/04/2014 2:08:16 AM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 20/04/2014 1:38:44 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=9C8}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 20/04/2014 1:38:31 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=9C8}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 20/04/2014 1:37:09 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-387024861-1857405023-142887614-1000:
Process 668 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-387024861-1857405023-142887614-1000
 
 
Log: 'Application' Date/Time: 19/04/2014 9:44:43 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 19/04/2014 9:15:05 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=A44}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 19/04/2014 9:14:50 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=A44}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 19/04/2014 9:13:36 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-387024861-1857405023-142887614-1000:
Process 660 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-387024861-1857405023-142887614-1000
 
 
Log: 'Application' Date/Time: 19/04/2014 1:58:49 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 19/04/2014 1:14:07 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=AA4}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 19/04/2014 1:13:53 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=AA4}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 19/04/2014 1:12:36 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-387024861-1857405023-142887614-1000:
Process 668 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-387024861-1857405023-142887614-1000
 
 
Log: 'Application' Date/Time: 19/04/2014 5:00:05 AM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 

Edited by krisinluck, 20 April 2014 - 10:36 AM.

#57 RKinner

Type: Error Category: 0
Event: 877 Source: Application Popup
There was error [DATABASE OPEN FAILED] processing the driver database.

 

 

This is probably because the file C:\Windows\AppPatch\drvmain.sdb is corrupt or has wrong permissions.
If you right click on it and select Properties then Security you should see that System has Read and Execute and Read checked.
Ditto for Admins and Users, but TrustedInstaller has full control.  
 
 
 
ESET Online Scan isn't working, so it needs to be uninstalled.
 
Log: 'System' Date/Time: 20/04/2014 4:13:18 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\vwifibus failed to load for the device USB\VID_0846&PID_9020\...

 

 

 
This is your wireless adapter, so that is what it is talking about.  I would download a new driver from the maker and install it and see if that helps.
 
 

 

 

 Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process id: 0x138c Faulting application start time: 0x01cf5b207bccb188 Faulting application path: C:\Windows\SysWOW64\DllHost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: bcfeaf74-c713-11e3-8ea3-e840f258bf53

There are a lot of posts online about IE10 and KB2670838 causing this on some hardware platforms.  The fix is supposed to be to uninstall both IE10 and KB2670838 and not let them get reinstalled.  Supposedly it causes a memory leak which eventually crashes the system.  Worse with 3D videos and games and if you use Windows Media Player.  (I hate WMP.  Prefer the free VLC myself.  It hardly ever asks for a codec.   http://www.videolan....ad-windows.html)

Were you ever able to reset the hosts file?


  • 0

#58
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
C:\Windows\AppPatch\drvmain.sdb shows Read and Execute and Read for System, Admin, & Users.  TrustedInstaller has full control.
 
ESET is uninstalled now.
 
Downloaded and installed NetGear WNA3100 most recent driver.
 
I use Windows Media Player VERY RARELY.  Maybe a couple of times a year.  I'm not a fan, but was unaware of an alternative.  What do I need to do to uninstall as mentioned so they will not reinstall?  I will download from your link if I can get rid of them for good.
 
As for resetting the Hosts File...I did only what you instructed in this post.  I have no clue how to reset the hosts file if it isn't in that post.  I did do exactly as the post said in all areas.  Tell me what to do.  I've been further into the Windows System than I ever have been before these last few months, but I still need instructions on how to do things like this.

  • 0

#59
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,711 posts
  • MVP

Let's run OTL, Quickscan.  You will only get one log.  Please post it then I can see if the hosts file was reset.

 

Then see if you can open C:\Windows\AppPatch\drvmain.sdb using notepad.  It won't make any sense but I just want to see if the file will open.  Close the file.  Don't save it.

 

Right click on (My) Computer and select Manage (Continue).  Then click on the arrow in front of Event Viewer.  Next click on the arrow in front of Windows Logs.  Right click on System and Clear Log, Clear.  Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

 

If you install VLC it will take over playing all of the stuff that WMP does now so you won't need to uninstall it.


  • 0
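As an added example (not part of this thread, and not code from OTL, VEW or HostsXpert), here is a PowerShell script that does the checks from posts #57 and #59 in one go from an elevated prompt: it compares the permissions on drvmain.sdb with what the expert described, lists the active hosts file entries so you can tell whether the reset took, and saves the last 20 Error/Warning events from the System and Application logs the way VEW does. The file paths, the principal names in the expected ACL and the Desktop output folder are assumptions based on Windows defaults.

```powershell
# Added example, not from the thread or from the tools it mentions.
# Run from an elevated PowerShell prompt (right click, Run as Administrator) on Windows 7 or later.
# Assumed: default Windows paths; $outDir is where the event listings are written.

$sdbPath   = 'C:\Windows\AppPatch\drvmain.sdb'
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$outDir    = Join-Path $env:USERPROFILE 'Desktop'

# 1. Permissions on drvmain.sdb as described in the thread: System, Administrators and
#    Users have Read & Execute (which includes Read); TrustedInstaller has Full Control.
function Test-DrvmainAcl {
    param([string]$Path)
    $expected = @{
        'NT AUTHORITY\SYSTEM'         = 'ReadAndExecute'
        'BUILTIN\Administrators'      = 'ReadAndExecute'
        'BUILTIN\Users'               = 'ReadAndExecute'
        'NT SERVICE\TrustedInstaller' = 'FullControl'
    }
    $acl = Get-Acl -Path $Path
    $ok  = $true
    foreach ($principal in $expected.Keys) {
        $want = [int][System.Security.AccessControl.FileSystemRights]$expected[$principal]
        # Merge every Allow entry for this principal into one rights mask.
        $granted = 0
        $acl.Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $principal } |
            ForEach-Object { $granted = $granted -bor [int]$_.FileSystemRights }
        if (($granted -band $want) -ne $want) {
            $have = [System.Security.AccessControl.FileSystemRights]$granted
            Write-Warning "$principal lacks $($expected[$principal]) on $Path (has: $have)"
            $ok = $false
        }
    }
    # Deny entries or principals outside the expected set are worth a second look too.
    $acl.Access |
        Where-Object { $_.AccessControlType -eq 'Deny' -or $expected.Keys -notcontains $_.IdentityReference.Value } |
        ForEach-Object { Write-Warning "Unexpected ACE: $($_.IdentityReference) $($_.AccessControlType) $($_.FileSystemRights)" }
    return $ok
}

# 2. Active (uncommented) hosts file entries. A freshly reset Windows hosts file has every
#    line commented out; "127.0.0.1 localhost" and "::1 localhost" are also normal.
#    Anything else is what a hijacked hosts file looks like.
function Get-ActiveHostsEntries {
    param([string]$Path)
    foreach ($line in (Get-Content -Path $Path)) {
        $text = ($line -split '#', 2)[0].Trim()       # drop comments and whitespace
        if ($text -eq '') { continue }
        $parts = $text -split '\s+'
        $names = if ($parts.Length -gt 1) { $parts[1..($parts.Length - 1)] -join ' ' } else { '' }
        New-Object PSObject -Property @{
            Address  = $parts[0]
            Hosts    = $names
            Loopback = (@('127.0.0.1', '::1') -contains $parts[0])
        }
    }
}

# 3. The last N Error/Warning events from one log, the same query VEW runs
#    (Level 2 = Error, 3 = Warning), saved as a text file you can paste into a reply.
function Export-RecentErrors {
    param([string]$LogName, [string]$OutDir, [int]$Count = 20)
    $outFile = Join-Path $OutDir "VEW-$LogName.txt"
    $events  = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 2, 3 } -MaxEvents $Count -ErrorAction SilentlyContinue
    $events |
        Select-Object TimeCreated, LevelDisplayName, Id, ProviderName, Message |
        Format-List |
        Out-File -FilePath $outFile -Width 200
    return $outFile
}

if (Test-DrvmainAcl -Path $sdbPath) { 'drvmain.sdb permissions match what was expected.' }

$entries = @(Get-ActiveHostsEntries -Path $hostsPath)
"hosts file has $($entries.Count) active entries:"
$entries | Format-Table Address, Hosts, Loopback -AutoSize | Out-Host
$entries | Where-Object { -not $_.Loopback } |
    ForEach-Object { Write-Warning "Non-loopback hosts entry: $($_.Address) $($_.Hosts)" }

foreach ($log in 'System', 'Application') {
    'Saved ' + (Export-RecentErrors -LogName $log -OutDir $outDir)
}
```

If the ACL check warns about TrustedInstaller, note that the file's owner is also TrustedInstaller, so fixing it by hand means changing the owner first, as the thread says about the hosts file.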

#60
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

Sorry to have been so absent.  I was gone to the cities for tests from 7am until around 9pm.  Crazy day.

 

OTL Log:

 

OTL logfile created on: 4/22/2014 3:35:41 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\coldharbor1950\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.60 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 59.60% Memory free
7.20 Gb Paging File | 5.64 Gb Available in Paging File | 78.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.07 Gb Total Space | 396.77 Gb Free Space | 88.35% Space Free | Partition Type: NTFS
Drive D: | 16.59 Gb Total Space | 2.04 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 58.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: ICELAND | User Name: coldharbor1950 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/18 11:44:02 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2014/04/07 18:04:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.exe
PRC - [2014/04/06 17:18:35 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/06 17:18:35 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/04/06 17:18:23 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/29 23:12:59 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2013/11/22 19:34:46 | 008,266,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2013/11/11 15:10:40 | 000,307,928 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/06 17:18:36 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/11/22 19:34:46 | 008,266,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2013/11/01 17:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/06 17:18:35 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/04/06 17:18:23 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/03/06 03:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/19 20:20:34 | 000,290,520 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/10/08 10:34:38 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/12/06 04:11:58 | 000,235,520 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/04/12 16:44:08 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/11/11 15:10:40 | 000,307,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 20:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/12 12:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 19:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 19:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/22 14:15:53 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/06 17:18:39 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/06 17:18:39 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/06 17:18:39 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/06 17:18:39 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/04/06 17:18:39 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/06 17:18:39 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/06 17:18:38 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/06 17:18:27 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/04/06 17:18:24 | 000,445,304 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/12/17 20:11:58 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/31 19:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 19:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/11/09 23:00:39 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/11/09 23:00:39 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 16:49:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/18 16:49:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/23 10:53:10 | 000,104,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/12/06 04:45:42 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/06 03:12:16 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/22 11:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/16 04:41:55 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/03 12:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{4F1149B4-DD36-468D-A3A7-B9D541595DEF}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{71DB2072-787A-4596-A0E5-2E1030999197}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{BFEA6F40-07F2-4574-AA8F-7735F594B606}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/06 17:18:40 | 000,000,000 | ---D | M]
 
[2014/03/27 15:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\extensions
[2014/03/23 18:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\Profiles\6uaxzxqg.default\extensions
[2014/02/15 08:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\Profiles\d9ahv30v.default\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google Search (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.550.14 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U55 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Disabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
CHR - Extension: Google Docs = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_0\
CHR - Extension: avast! Online Security = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3.1_0\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_0\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_0\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: RoboForm = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_0\
 
O1 HOSTS File: ([2014/04/17 22:17:16 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8:64bit: - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BFB52D9-683D-4C15-BDCF-FBB9F88FDD70}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/15 05:14:16 | 000,000,082 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/22 15:34:48 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\vlc
[2014/04/22 15:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/04/22 15:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/04/17 08:03:32 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\HostsXpert
[2014/04/11 15:20:41 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\ComIntRepair
[2014/04/10 21:18:16 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
[2014/04/10 21:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2014/04/10 15:57:33 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\0410 Runs
[2014/04/10 15:41:51 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2014/04/10 15:41:51 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\BlueScreenView
[2014/04/08 16:23:32 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\GrantPerms
[2014/04/07 18:04:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.exe
[2014/04/06 19:29:47 | 000,000,000 | R--D | C] -- C:\Users\coldharbor1950\Dropbox
[2014/04/06 17:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/04/06 17:18:42 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/06 17:18:42 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/06 17:18:42 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/06 17:18:42 | 000,084,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/06 17:18:42 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/06 17:18:41 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/04/06 17:18:38 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/06 17:18:24 | 000,445,304 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/04/06 12:16:17 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\mbar
[2014/04/06 11:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/06 08:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/04/06 08:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/01 09:17:02 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\TFC.exe
[2014/03/31 16:55:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/31 16:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
[2014/03/31 16:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foolish IT
[2014/03/31 16:46:58 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/03/28 22:34:36 | 000,000,000 | R--D | C] -- C:\Users\coldharbor1950\Documents\HP Photo Creations
[2014/03/28 22:34:36 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\Visan
[2014/03/28 22:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/03/28 18:38:22 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\Serif
[2014/03/27 16:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/03/27 16:55:00 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/27 16:54:59 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/03/27 16:54:59 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/27 16:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/03/27 15:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/03/27 15:59:20 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/25 08:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/25 08:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/03/24 23:04:08 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/24 22:57:11 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/03/24 18:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/24 16:21:43 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\Windows Repair (All in One)
[2014/03/24 16:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/03/24 16:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/22 15:33:33 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/04/22 15:18:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/22 14:15:53 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/22 13:54:02 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/22 13:54:02 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/22 13:53:25 | 000,783,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/22 13:53:25 | 000,651,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/22 13:53:25 | 000,118,604 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/22 13:48:56 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/22 13:48:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/22 12:19:02 | 000,403,189 | ---- | M] () -- C:\Users\coldharbor1950\Documents\Scan0009.jpg
[2014/04/21 07:07:20 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcoldharbor1950.job
[2014/04/20 16:23:25 | 000,001,093 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
[2014/04/20 16:23:25 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk
[2014/04/17 22:17:16 | 000,000,698 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/16 17:42:12 | 000,423,505 | ---- | M] () -- C:\Users\coldharbor1950\Documents\Layla 4.jpg
[2014/04/16 17:40:50 | 000,487,125 | ---- | M] () -- C:\Users\coldharbor1950\Documents\Layla 3.jpg
[2014/04/16 17:39:10 | 000,470,480 | ---- | M] () -- C:\Users\coldharbor1950\Documents\Layla 2.jpg
[2014/04/16 17:37:04 | 000,394,371 | ---- | M] () -- C:\Users\coldharbor1950\Documents\Layla 1.jpg
[2014/04/13 07:27:50 | 000,000,460 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\cc_20140413_072742.reg
[2014/04/12 18:54:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/11 15:48:24 | 001,586,165 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\ComIntRepair (1).exe
[2014/04/11 08:21:16 | 000,044,782 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\Int repair.JPG
[2014/04/10 13:46:57 | 000,007,605 | ---- | M] () -- C:\Users\coldharbor1950\AppData\Local\Resmon.ResmonCfg
[2014/04/09 14:50:14 | 000,002,241 | ---- | M] () -- C:\Users\coldharbor1950\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/09 14:50:14 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/09 11:49:46 | 000,000,448 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140409_114937.reg
[2014/04/09 11:15:02 | 000,421,949 | ---- | M] () -- C:\Users\coldharbor1950\Documents\Nick Oakwood 2012.jpg
[2014/04/09 11:12:49 | 000,657,441 | ---- | M] () -- C:\Users\coldharbor1950\Documents\Nick Blacksmith 2012.jpg
[2014/04/08 16:19:20 | 000,453,083 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\GrantPerms.zip
[2014/04/08 14:56:46 | 000,061,440 | ---- | M] ( ) -- C:\Users\coldharbor1950\Desktop\VEW (1).exe
[2014/04/08 14:20:26 | 000,113,327 | ---- | M] () -- C:\Users\coldharbor1950\Documents\bookmarks_4_8_14.html
[2014/04/08 14:18:33 | 000,002,275 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\Kindle.lnk
[2014/04/07 20:59:51 | 000,002,330 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140407_205946.reg
[2014/04/07 18:04:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.exe
[2014/04/07 11:14:32 | 000,003,900 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140407_111423.reg
[2014/04/07 07:28:17 | 000,000,826 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140407_072805.reg
[2014/04/06 19:19:13 | 000,000,478 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140406_191909.reg
[2014/04/06 17:21:35 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/04/06 17:21:35 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/04/06 17:18:39 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/06 17:18:39 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/06 17:18:39 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/06 17:18:39 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/06 17:18:39 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/06 17:18:39 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/06 17:18:39 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/06 17:18:38 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/06 17:18:38 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/06 17:18:27 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/04/06 17:18:24 | 000,445,304 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/04/06 12:16:22 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/06 12:00:48 | 000,000,878 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140406_120042.reg
[2014/04/06 09:20:01 | 000,001,484 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140406_091957.reg
[2014/04/06 09:09:09 | 000,010,716 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140406_090859.reg
[2014/04/06 08:59:22 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/05 20:58:08 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/03 08:33:25 | 000,763,956 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2014/04/03 07:53:25 | 001,426,178 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\AdwCleaner.exe
[2014/04/01 09:17:56 | 000,001,157 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\TFC - Shortcut.lnk
[2014/04/01 09:17:14 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\TFC.exe
[2014/03/31 16:54:21 | 000,053,248 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2014/03/31 16:53:49 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2014/03/28 19:19:38 | 000,314,347 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140403-083325.backup
[2014/03/27 08:40:22 | 000,333,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/26 18:18:51 | 000,110,288 | ---- | M] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_26_14.html
[2014/03/24 23:25:10 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/24 23:14:35 | 000,783,424 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/24 22:58:32 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ICELAND-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/24 16:21:48 | 000,002,121 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/03/23 17:22:10 | 000,111,056 | ---- | M] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_23_14.html
 
========== Files Created - No Company Name ==========
 
[2014/04/22 15:33:33 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/04/22 12:19:02 | 000,403,189 | ---- | C] () -- C:\Users\coldharbor1950\Documents\Scan0009.jpg
[2014/04/16 17:42:12 | 000,423,505 | ---- | C] () -- C:\Users\coldharbor1950\Documents\Layla 4.jpg
[2014/04/16 17:40:50 | 000,487,125 | ---- | C] () -- C:\Users\coldharbor1950\Documents\Layla 3.jpg
[2014/04/16 17:39:10 | 000,470,480 | ---- | C] () -- C:\Users\coldharbor1950\Documents\Layla 2.jpg
[2014/04/16 17:37:04 | 000,394,371 | ---- | C] () -- C:\Users\coldharbor1950\Documents\Layla 1.jpg
[2014/04/13 07:27:47 | 000,000,460 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\cc_20140413_072742.reg
[2014/04/11 15:48:09 | 001,586,165 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\ComIntRepair (1).exe
[2014/04/11 08:21:08 | 000,044,782 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\Int repair.JPG
[2014/04/10 21:11:53 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
[2014/04/10 13:46:27 | 000,007,605 | ---- | C] () -- C:\Users\coldharbor1950\AppData\Local\Resmon.ResmonCfg
[2014/04/09 11:49:40 | 000,000,448 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140409_114937.reg
[2014/04/09 11:15:02 | 000,421,949 | ---- | C] () -- C:\Users\coldharbor1950\Documents\Nick Oakwood 2012.jpg
[2014/04/09 11:12:49 | 000,657,441 | ---- | C] () -- C:\Users\coldharbor1950\Documents\Nick Blacksmith 2012.jpg
[2014/04/08 16:23:32 | 000,459,114 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\GrantPerms.exe
[2014/04/08 16:19:05 | 000,453,083 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\GrantPerms.zip
[2014/04/08 14:56:38 | 000,061,440 | ---- | C] ( ) -- C:\Users\coldharbor1950\Desktop\VEW (1).exe
[2014/04/08 14:20:26 | 000,113,327 | ---- | C] () -- C:\Users\coldharbor1950\Documents\bookmarks_4_8_14.html
[2014/04/07 20:59:49 | 000,002,330 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140407_205946.reg
[2014/04/07 11:14:26 | 000,003,900 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140407_111423.reg
[2014/04/07 07:28:10 | 000,000,826 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140407_072805.reg
[2014/04/06 19:19:12 | 000,000,478 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140406_191909.reg
[2014/04/06 17:21:35 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/04/06 17:21:35 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/04/06 17:18:42 | 000,208,928 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/06 17:18:42 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/06 12:00:46 | 000,000,878 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140406_120042.reg
[2014/04/06 11:08:32 | 000,002,241 | ---- | C] () -- C:\Users\coldharbor1950\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/06 11:08:32 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/06 09:19:59 | 000,001,484 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140406_091957.reg
[2014/04/06 09:09:03 | 000,010,716 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140406_090859.reg
[2014/04/06 08:59:22 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/03 07:53:13 | 001,426,178 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\AdwCleaner.exe
[2014/04/01 09:17:56 | 000,001,157 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\TFC - Shortcut.lnk
[2014/03/31 18:37:43 | 000,018,052 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\eBay.odt
[2014/03/31 16:54:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2014/03/31 16:53:49 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2014/03/27 16:55:06 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/27 08:40:14 | 000,333,712 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/26 18:18:50 | 000,110,288 | ---- | C] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_26_14.html
[2014/03/24 22:58:32 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ICELAND-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/24 18:30:00 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/03/24 16:21:48 | 000,002,121 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/03/23 17:22:10 | 000,111,056 | ---- | C] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_23_14.html
[2014/01/05 09:32:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/10/25 21:53:36 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2013/10/08 10:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/10/08 08:36:07 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/08 08:36:07 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/08/21 22:22:33 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/05/11 11:59:30 | 000,078,697 | -H-- | C] () -- C:\Users\coldharbor1950\Bottom Contact.jpg
[2013/02/08 17:21:10 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2013/02/08 17:21:07 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2013/01/17 23:52:39 | 000,002,147 | -H-- | C] () -- C:\Users\coldharbor1950\PrintMaster-2012-Platinum.prefs
[2012/12/28 21:08:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Gems
[2012/12/28 21:08:52 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Fruit
[2012/12/28 21:07:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Generic
[2012/12/28 21:07:44 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Funk Animals
[2012/12/28 21:07:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Galaxy Swirl
[2012/12/28 21:07:43 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Frameworks
[2012/12/28 21:07:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hip Hop
[2012/12/28 21:07:08 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\HAL
[2012/11/25 16:08:40 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/10/21 08:08:26 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\AVAST Software
[2012/10/19 20:28:23 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\com.masque.slots.IGTSlotsLilLady
[2012/11/25 22:48:36 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Encore
[2013/12/18 10:53:43 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\IObit
[2013/12/15 09:58:43 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Masque
[2013/12/15 09:51:50 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\OpenOffice
[2013/12/15 09:51:49 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\OpenOffice.org
[2013/10/17 09:40:59 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Oracle
[2013/12/15 09:58:46 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\pdf995
[2013/07/13 08:07:21 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\RoboForm
[2013/12/15 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Scribus
[2014/03/28 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Serif
[2013/12/15 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\SmartDraw
[2014/01/02 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\SoftGrid Client
[2012/12/05 13:24:50 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Stardock
[2014/02/20 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TaxCut
[2012/11/07 10:15:21 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TP
[2013/12/30 00:33:06 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TuneUp Software
[2014/03/28 22:34:36 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Visan
[2012/10/23 22:16:14 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\WildTangent
[2012/10/11 17:51:54 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >
 
 
C:\Windows\AppPatch\drvmain.sdb opened in Notepad.  Interesting.  I closed it down.  
 

  • 0
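Added example (not part of the posted log, and not OTL's own code): a small Python triage helper that parses lines in the OTL file-entry and "@Alternate Data Stream" formats seen in the report above and applies three review heuristics of my own (flagged drivers with an empty company field, clusters of same-size hidden files created on one day, and any ADS under C:\Windows or C:\ProgramData). The rules are assumptions about what is worth a second look, not verdicts, and the sample lines are a subset copied verbatim from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One OTL file/folder line: [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Folders carry no "(Company)" field; files carry "()" or "( )" when OTL found no company name.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class Entry:
    date: str
    size: int
    attrs: str              # R=read-only, H=hidden, S=system, D=directory; '-' when unset
    op: str                 # C = from a "Created" list, M = from a "Modified" list
    company: Optional[str]  # None for folders, '' when OTL printed an empty company field
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Parse the bracketed file/folder lines of an OTL report; every other line is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            company = m.group("company")
            entries.append(Entry(m.group("date"), int(m.group("size").replace(",", "")),
                                 m.group("attrs"), m.group("op"),
                                 None if company is None else company.strip(), m.group("path")))
    return entries


def parse_ads(text: str) -> List[Dict[str, object]]:
    """Collect '@Alternate Data Stream' lines; OTL joins host file and stream name with ':'."""
    found = []
    for line in text.splitlines():
        m = ADS_RE.match(line.strip())
        if m:
            host, _, stream = m.group("path").rpartition(":")
            found.append({"host": host, "stream": stream, "size": int(m.group("size"))})
    return found


def triage(text: str) -> List[str]:
    """Return 'RULE: path' review items. The rules are this example's own heuristics, not
    OTL verdicts: a hit means 'verify this on the live system', not 'this is malware'."""
    findings: List[str] = []
    entries = parse_entries(text)

    # Rule 1: a kernel driver with an empty company string. Vendors normally stamp their
    # drivers, so a blank field is worth an Authenticode check on the live machine.
    for e in entries:
        if "D" not in e.attrs and "\\drivers\\" in e.path.lower() and e.company == "":
            findings.append(f"UNSIGNED_DRIVER_CANDIDATE: {e.path}")

    # Rule 2: three or more hidden files of identical size created on the same day.
    # Droppers often leave same-size hidden marker files under ProgramData and AppData.
    groups: Dict[Tuple[int, str], List[Entry]] = {}
    for e in entries:
        if "H" in e.attrs and "D" not in e.attrs and e.size > 0:
            groups.setdefault((e.size, e.date[:10]), []).append(e)
    for (size, day), members in groups.items():
        if len(members) >= 3:
            findings.extend(f"HIDDEN_SAME_SIZE_CLUSTER({size}B,{day}): {e.path}" for e in members)

    # Rule 3: any alternate data stream on a machine-wide location.
    for ads in parse_ads(text):
        if str(ads["host"]).lower().startswith(("c:\\windows", "c:\\programdata")):
            findings.append(f"ADS: {ads['host']}:{ads['stream']} ({ads['size']} bytes)")
    return findings


# A subset of lines copied verbatim from the report above (not a constructed case).
SAMPLE_LOG = r"""
[2014/04/06 17:18:42 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/06 17:18:42 | 000,208,928 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/06 17:18:42 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/22 15:34:48 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\vlc
[2014/04/08 14:56:38 | 000,061,440 | ---- | C] ( ) -- C:\Users\coldharbor1950\Desktop\VEW (1).exe
[2012/12/28 21:08:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Gems
[2012/12/28 21:08:52 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Fruit
[2012/12/28 21:07:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Generic
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
"""

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

Run it against a saved OTL.txt by passing the file contents to triage(). On the sample it lists the two avast drivers that OTL printed with an empty company field, the three 268-byte hidden files from 2012/12/28, and the ADS on C:\ProgramData\TEMP; each of those still has to be checked on the machine (signature, contents, stream data) before anything is deleted, which is why the output is phrased as review items rather than detections.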





