
Browser infected.. w/ Bee Coupons won't uninstall.. affecting all browsers


  • This topic is locked
58 replies to this topic

#1 scubaman2009


Posted 23 January 2014 - 04:04 PM

Hi,

I'd like to thank you in advance for any help you are able to give me. So somehow I got this BEE COUPONS extension installed in Chrome. Not sure how it got here. It turns words on the page into links, causing pop-up ads, pop-ups and extra ads on webpages. When I go to the extension page to uninstall it in Chrome, it won't let me; it says it's installed by enterprise policy. I've done Norton scans for viruses, I've also done Malwarebytes, searched for hrs on the internet, and others have had this pesky extension installed and have the same issue. I've even gone as far as uninstalling and re-installing Chrome and deleting registry items for the extension, and it still comes back. I'm really at a complete loss on this. PLEASE HELP!! lol I am attaching a screenshot of the extension page in Chrome so you can see what I see on it.

 

thanks

 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Bubba7420 at 15:16:13 on 2014-01-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6126.3717 [GMT -5:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
c:\postgres\bin\pg_ctl.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
c:\postgres\bin\postgres.exe
c:\apache-tomcat-6.0.18\bin\tomcat6.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
c:\postgres\bin\postgres.exe
c:\postgres\bin\postgres.exe
c:\postgres\bin\postgres.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Users\Bubba7420\AppData\Local\Akamai\netsession_win.exe
C:\Users\Bubba7420\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Users\Bubba7420\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files (x86)\SHARP\Sharpdesk\FTPServer.exe
C:\Program Files (x86)\SHARP\Sharpdesk\IndexTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
C:\Users\Bubba7420\Desktop\Datum Memory Booster\memBoost.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Sharp\Sharpdesk\Indexer.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Glary Utilities 4\SoftwareUpdate.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {DD4A10D0-0524-52BC-9E13-D94CB85B6901} - <orphaned>
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\coieplg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: DocuCom PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\coieplg.dll
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
uRun: [Akamai NetSession Interface] "C:\Users\Bubba7420\AppData\Local\Akamai\netsession_win.exe"
uRun: [GUDelayStartup] C:\Program Files (x86)\Glary Utilities 4\StartupManager.exe -delayrun
mRun: [FtpServer.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe" -usedefault
mRun: [IndexTray.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe" /n
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\BUBBA7~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bubba7420\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\BUBBA7~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\BUBBA7~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RIZONE~1.LNK - C:\Users\Bubba7420\Desktop\Datum Memory Booster\memBoost.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODEME~1.LNK - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - <no file>
IE: Open with PDF Viewer 7 - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - <orphaned>
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP1-17055/support/ieatgpc1.cab
TCP: Interfaces\{50236466-563E-46EF-A3A8-B9D5D3DB36F7} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{D726B9D6-BF17-49F0-A998-6B63D7E304A5}\649455149425 : DHCPNameServer = 131.94.7.220 131.94.205.10 131.94.226.10
TCP: Interfaces\{D726B9D6-BF17-49F0-A998-6B63D7E304A5}\649455F584F67745F6C4F67696E6 : DHCPNameServer = 131.94.7.220 131.94.205.10 131.94.226.10
TCP: Interfaces\{D726B9D6-BF17-49F0-A998-6B63D7E304A5}\C45624561657F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\SHARP\Sharpdesk\ExplorerExtensions.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: PFW - UmxWnp.Dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {11111111-1111-1111-1111-110311391106} - <orphaned>
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: {DD4A10D0-0524-52BC-9E13-D94CB85B6901} - <orphaned>
x64-BHO: greatsaver: {E97FB87B-EE94-44EB-8848-585DAF54B2DF} - LocalServer32 - <no file>
x64-BHO: Bee Coupons BHO: {FC4DBA8C-2CC8-4741-BCE5-ADAC3EEA50B0} - 
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 54.225.95.126 gcbkfpidjhchgnokamccdemjfamackdh
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bubba7420\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Bubba7420\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\Bubba7420\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\Bubba7420\AppData\Roaming\Mozilla\plugins\npoff64.dll
FF - plugin: C:\Users\Bubba7420\AppData\Roaming\Mozilla\Plugins\npoff64.dll
FF - plugin: C:\Users\Bubba7420\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\Bubba7420\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Users\Bubba7420\AppData\Roaming\Mozilla\plugins\npwbe64.dll
FF - plugin: C:\Users\Bubba7420\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cumon;cumon;C:\Windows\System32\drivers\cumon.sys [2014-1-6 205512]
R0 Evdd;Evdd;C:\Windows\System32\drivers\evdd.sys [2014-1-6 19568]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-4 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-6-17 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-6-17 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-17 169048]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-10-5 87600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-10 283200]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20140122.001\IDSviA64.sys [2014-1-22 521944]
R1 KmxAgent;KmxAgent;C:\Windows\System32\drivers\KmxAgent.sys [2009-12-23 106488]
R1 KmxCfg;KmxCfg;C:\Windows\System32\drivers\KmxCfg.sys [2009-9-30 334712]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-6-17 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-6-17 433752]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-2-4 137232]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 CPMService;COMODO Programs Manager Service;C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe [2011-9-5 116032]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-3 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-21 15129376]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-8-13 138600]
R2 pgsql-8.2;pgsql-8.2;c:/postgres/bin/pg_ctl.exe runservice -N "pgsql-8.2" -D "c:/postgres/data" --> c:/postgres/bin/pg_ctl.exe runservice -N pgsql-8.2 [?]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2010-5-4 14112]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-3-25 93184]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-3-25 77312]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2013-1-31 145448]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
R2 Tomcat6;Apache Tomcat;C:\apache-tomcat-6.0.18\bin\tomcat6.exe [2008-7-22 57344]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-6-14 619904]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-5-4 19968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-1-8 137648]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-8 39200]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-3-25 12032]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2008-7-11 58664]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-8-23 401696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CSEntService;CS-Enterprise Application Server Service;C:\csremote38\jdk1.6.0_10\bin\java.exe [2011-8-17 139264]
S2 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-9-22 43028328]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-3-19 334888]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-5-4 39464]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-6-14 13728]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-17 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-3-25 158720]
S3 qrkis;Tether Miniport;C:\Windows\System32\drivers\qrkis.sys [2010-9-14 50856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-30 19456]
S3 SBUpdd;SpeedBit UpdateD;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [2013-2-27 40856]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-30 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-6-14 81824]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-6-14 15776]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-23 1255736]
S4 BotkindSyncService;Botkind Service;C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe service --> C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe service [?]
S4 CAISafe;CAISafe;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2010-8-18 304128]
S4 ccSchedulerSVC;CA Common Scheduler Service;C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2010-8-23 285008]
S4 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2013-2-26 2913144]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2012-7-18 310232]
S4 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2013-1-15 1183456]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-8-23 1436424]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-25 13336]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\CA\PCPitstopScheduleService.exe [2010-8-18 90296]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S4 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-5-4 168448]
S4 SBUpd;SpeedBit Update;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2013-2-27 1097848]
S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-5-4 108400]
S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-5-4 422768]
S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-5-4 67952]
S4 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-2-8 302448]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-5-4 104960]
S4 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-8-4 1479160]
S4 UmxCfg;HIPS Configuration Interpreter;C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2009-7-13 760664]
S4 UmxPol;HIPS Policy Manager;C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe [2009-7-27 227832]
S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-5-4 574320]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-3-18 852336]
S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
S4 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-5-4 1223024]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADLTScriptFile="C:\Windows\notepad.exe" "%1"
FileExt: .vbe: VBEFile=NOTEPAD.EXE "%1"
FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1"
FileExt: .js: jsfile=NOTEPAD.EXE "%1"
FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-01-22 23:50:27 -------- d-----w- C:\Windows\ERUNT
2014-01-22 21:24:42 -------- d-----w- C:\Program Files (x86)\Mighty Uninstaller
2014-01-22 16:07:00 -------- d-----w- C:\Users\Bubba7420\AppData\Local\Anvisoft
2014-01-22 01:38:09 -------- d-----w- C:\Program Files\Enigma Software Group
2014-01-22 01:37:13 -------- d-----w- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-21 23:20:26 -------- d-----w- C:\Users\Bubba7420\AppData\Local\BenchUpdater
2014-01-21 23:19:43 -------- d-----w- C:\Users\Bubba7420\AppData\Local\Bee Coupons
2014-01-21 22:00:13 -------- d-----w- C:\Program Files (x86)\Common Files\Brother
2014-01-21 15:51:21 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36B37DBF-3A18-49BF-997F-86C82C888E9C}\mpengine.dll
2014-01-18 18:52:28 -------- d-----w- C:\Users\Bubba7420\AppData\Local\LogMeIn Client
2014-01-15 15:20:04 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 15:20:04 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 15:20:04 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 15:20:04 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 15:20:04 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 15:20:04 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 15:20:04 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 15:20:03 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-15 15:20:03 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 01:29:09 -------- d-----w- C:\ProgramData\Oracle
2014-01-15 01:28:16 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-12 22:04:06 53248 ----a-r- C:\Users\Bubba7420\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-01-12 22:03:49 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-01-12 21:57:24 -------- d-----w- C:\Users\Bubba7420\AppData\Roaming\Logishrd
2014-01-11 22:12:44 -------- d-----w- C:\Program Files (x86)\Bulk Rename Utility
2014-01-08 21:33:53 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-08 18:13:20 -------- d-sh--w- C:\found.007
2014-01-08 16:51:25 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-01-08 16:51:25 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-01-08 16:51:22 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-01-08 16:51:22 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-01-08 16:51:16 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-01-08 16:45:03 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-01-08 16:45:03 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-01-07 23:37:37 -------- d-----w- C:\postgres
2014-01-07 23:37:34 -------- d-----w- C:\apache-tomcat-6.0.18
2014-01-07 23:33:26 -------- d-----w- C:\csremote38
2014-01-07 23:30:23 -------- d-----w- C:\harmony1857jre1745
2014-01-07 20:06:22 27968 ----a-w- C:\Windows\System32\cpmnat.exe
2014-01-06 19:58:43 205512 ----a-w- C:\Windows\System32\drivers\cumon.sys
2014-01-06 19:55:00 19568 ----a-w- C:\Windows\System32\drivers\evdd.sys
2014-01-06 19:38:48 -------- d-----w- C:\Program Files\COMODO
2014-01-03 14:27:13 -------- d-----w- C:\Catalog_Kiosk
2013-12-31 18:46:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-30 21:06:28 117024 ----a-w- C:\Windows\System32\BootDefrag.exe
2013-12-30 20:53:36 -------- d-----w- C:\Users\Bubba7420\AppData\Local\Packages
2013-12-30 20:53:25 -------- d-----w- C:\ProgramData\1f822a3af94b5085
2013-12-30 20:53:22 -------- d-----w- C:\Users\Bubba7420\AppData\Local\Comodo
.
==================== Find3M  ====================
.
2014-01-18 17:31:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-18 17:31:27 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-14 21:22:40 342 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2014-01-07 19:41:36 249856 ------w- C:\Windows\Setup1.exe
2014-01-07 19:41:29 73216 ----a-w- C:\Windows\ST6UNST.EXE
2013-12-19 18:53:46 6671648 ----a-w- C:\Windows\System32\nvcpl.dll
2013-12-19 18:53:46 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-12-19 18:53:44 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-12-19 18:53:44 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-12-19 18:53:44 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2013-12-19 18:53:44 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-12-19 17:20:22 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-12-18 22:46:22 209192 ----a-w- C:\Windows\SysWow64\atsckernel.exe
2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-10 02:13:11 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:13:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 08:36:08 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-11-14 11:58:09 1884448 ----a-w- C:\Windows\System32\nvdispco6433182.dll
2013-11-14 11:58:09 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433182.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
.
============= FINISH: 15:17:38.10 ===============
 

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:46 AM

Posted 23 January 2014 - 05:14 PM


Hello scubaman2009

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 scubaman2009

scubaman2009
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:FLORIDA
  • Local time:08:46 AM

Posted 23 January 2014 - 06:32 PM

Gringo

Thank you for the quick reply

 

I ran the two scans. One thing I should say is that I had run these yesterday before I posted to the topic, thinking "I could try and fix it myself". I'm going to attach the logs from AdwCleaner from yesterday just in case you need them. Not sure what the R# or S# mean, so I'm putting both. As for the JRT log, I must have deleted it because I can't find it on my computer; the one from today is pretty inconclusive.

 

My computer is running sluggish and the extension is still in Chrome. It is still changing words on pages to links for ads, pop-ups still come up, and there are still advertisements on random pages that are not part of the site.

 

The results for the logs are as follows:

 

1. Adwcleaner log

 

# AdwCleaner v3.017 - Report created 23/01/2014 at 17:25:11
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bubba7420 - BUBBA7420-VAIO
# Running from : C:\Users\Bubba7420\Downloads\AdwCleaner (2).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Windows\System32\Tasks\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [28002 octets] - [18/09/2013 16:28:36]
AdwCleaner[R1].txt - [30579 octets] - [22/01/2014 13:00:51]
AdwCleaner[R2].txt - [1053 octets] - [22/01/2014 13:28:21]
AdwCleaner[R3].txt - [1281 octets] - [23/01/2014 17:22:37]
AdwCleaner[S0].txt - [24868 octets] - [22/01/2014 13:03:56]
AdwCleaner[S1].txt - [1117 octets] - [22/01/2014 13:35:48]
AdwCleaner[S2].txt - [1204 octets] - [23/01/2014 17:25:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1264 octets] ##########
 
 
 

2.JRT log

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bubba7420 on Thu 01/23/2014 at 18:01:35.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/23/2014 at 18:12:34.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
thank you gringo again
 
Scuba




#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:46 AM

Posted 23 January 2014 - 09:11 PM


Hello scubaman2009

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 scubaman2009

scubaman2009
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:FLORIDA
  • Local time:08:46 AM

Posted 24 January 2014 - 11:37 AM

Gringo
 
The only issue I had was with the disabling of Norton. I turned off the smart firewall and the virus protection, but it wouldn't actually let me shut the program off completely, so the ComboFix program said that it was running in the background. But nothing seemed to affect the scan. As far as the Bee Coupons extension goes, it's still in my browser, the words are still turning to links, and I'm getting popups and there are extra ads on webpages.
 
the log for the combo fix is listed below:
 
thanks
 
scuba
 
ComboFix 14-01-23.02 - Bubba7420 01/24/2014  10:49:43.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6126.4193 [GMT -5:00]
Running from: c:\users\Bubba7420\Downloads\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 640 bytes in 20 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\AddIns\AutoTable2004.dll
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\P5ZqHfOHoF.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\Hxw.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\icon48.png
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\imztPqXbF.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\ZnUbM66qH.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\hVi.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\y5ahDvK1.js
c:\users\Bubba7420\AppData\Local\assembly\tmp
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\P5ZqHfOHoF.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\Hxw.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\icon48.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\imztPqXbF.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\ZnUbM66qH.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\hVi.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\y5ahDvK1.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkebegkfekfhiefobhobgfaljmjccjf\2.7\P5ZqHfOHoF.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\Hxw.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\icon48.png
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnchipcmfbocmnkmdfomnfmgnjjaajnj\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\imztPqXbF.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\104\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhncnpllbpdlpifcohomcldhlifjdkmg\1.0\ZnUbM66qH.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\hVi.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiohkpmccaaaomgpjbklicabhbjekgg\2.7\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbdmmegmdbpakbmfgjmengfpbleljfn\2.7\y5ahDvK1.js
c:\windows\desktop
c:\windows\desktop\Install America Online - Free Trial.lnk
c:\windows\SysWow64\lsprst7.dll
c:\windows\SysWOW64mfc45.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-24 to 2014-01-24  )))))))))))))))))))))))))))))))
.
.
2014-01-24 16:12 . 2014-01-24 16:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-24 16:12 . 2014-01-24 16:12 -------- d-----w- c:\users\postgres.Bubba7420-VAIO\AppData\Local\temp
2014-01-24 16:12 . 2014-01-24 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-24 15:44 . 2014-01-24 15:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36B37DBF-3A18-49BF-997F-86C82C888E9C}\offreg.dll
2014-01-22 23:50 . 2014-01-22 23:50 -------- d-----w- c:\windows\ERUNT
2014-01-22 16:07 . 2014-01-22 16:07 -------- d-----w- c:\users\Bubba7420\AppData\Local\Anvisoft
2014-01-22 01:38 . 2014-01-22 01:38 -------- d-----w- c:\program files\Enigma Software Group
2014-01-22 01:37 . 2014-01-22 23:05 -------- d-----w- c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-21 23:20 . 2014-01-21 23:20 -------- d-----w- c:\users\Bubba7420\AppData\Local\BenchUpdater
2014-01-21 23:19 . 2014-01-21 23:20 -------- d-----w- c:\users\Bubba7420\AppData\Local\Bee Coupons
2014-01-21 22:00 . 2014-01-21 22:00 -------- d-----w- c:\program files (x86)\Common Files\Brother
2014-01-21 15:51 . 2013-12-16 06:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36B37DBF-3A18-49BF-997F-86C82C888E9C}\mpengine.dll
2014-01-18 18:52 . 2014-01-18 18:52 -------- d-----w- c:\users\Bubba7420\AppData\Local\LogMeIn Client
2014-01-15 15:20 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 15:20 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 15:20 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 15:20 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 15:20 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 15:20 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 15:20 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 15:20 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 15:20 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 01:29 . 2014-01-15 01:29 -------- d-----w- c:\programdata\Oracle
2014-01-15 01:28 . 2014-01-15 01:28 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-15 01:28 . 2013-12-19 02:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-12 22:04 . 2014-01-12 22:04 53248 ----a-r- c:\users\Bubba7420\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-01-12 22:04 . 2014-01-12 22:04 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2014-01-12 22:03 . 2014-01-22 19:16 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-01-12 22:03 . 2014-01-12 22:04 -------- d-----w- c:\programdata\Logishrd
2014-01-12 22:02 . 2014-01-12 22:02 -------- d-----w- c:\program files\Logitech
2014-01-12 22:02 . 2014-01-12 22:03 -------- d-----w- c:\program files\Common Files\Logishrd
2014-01-12 21:57 . 2014-01-12 22:04 -------- d-----w- c:\users\Bubba7420\AppData\Roaming\Logitech
2014-01-12 21:57 . 2014-01-12 21:57 -------- d-----w- c:\users\Bubba7420\AppData\Roaming\Logishrd
2014-01-11 22:12 . 2014-01-11 22:12 -------- d-----w- c:\program files (x86)\Bulk Rename Utility
2014-01-08 21:33 . 2014-01-08 21:36 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-08 18:13 . 2014-01-08 18:13 -------- d-----w- C:\found.007
2014-01-08 16:51 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-01-08 16:51 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-01-08 16:51 . 2010-05-26 16:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-01-08 16:51 . 2010-05-26 16:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-01-08 16:51 . 2010-05-26 16:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-01-08 16:45 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-01-08 16:45 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-01-07 23:37 . 2014-01-07 23:38 -------- d-----w- C:\postgres
2014-01-07 23:37 . 2014-01-07 23:38 -------- d-----w- C:\apache-tomcat-6.0.18
2014-01-07 23:33 . 2014-01-07 23:37 -------- d-----w- C:\csremote38
2014-01-07 23:30 . 2014-01-07 23:30 -------- d-----w- C:\harmony1857jre1745
2014-01-07 20:06 . 2011-09-05 15:12 27968 ----a-w- c:\windows\system32\cpmnat.exe
2014-01-06 19:58 . 2011-09-05 15:14 205512 ----a-w- c:\windows\system32\drivers\cumon.sys
2014-01-06 19:55 . 2011-09-05 15:14 19568 ----a-w- c:\windows\system32\drivers\evdd.sys
2014-01-06 19:38 . 2014-01-06 19:41 -------- d-----w- c:\program files\COMODO
2014-01-03 14:27 . 2014-01-03 14:27 -------- d-----w- C:\Catalog_Kiosk
2013-12-31 18:46 . 2014-01-06 19:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-12-30 21:06 . 2013-12-17 05:35 117024 ----a-w- c:\windows\system32\BootDefrag.exe
2013-12-30 20:53 . 2013-12-30 20:53 -------- d-----w- c:\users\Bubba7420\AppData\Local\Packages
2013-12-30 20:53 . 2014-01-03 14:20 -------- d-----w- c:\programdata\1f822a3af94b5085
2013-12-30 20:53 . 2013-12-30 20:53 -------- d-----w- c:\users\Bubba7420\AppData\Local\Comodo
2013-12-30 20:53 . 2013-12-30 20:53 -------- d-----w- c:\users\HomeGroupUser$
2013-12-30 20:53 . 2013-12-30 20:53 -------- d-----w- c:\users\Guest
2013-12-30 20:53 . 2013-12-30 20:53 -------- d-----w- c:\users\Administrator
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-18 17:31 . 2013-01-31 01:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-18 17:31 . 2013-01-31 01:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-07 19:41 . 2013-04-29 14:46 249856 ------w- c:\windows\Setup1.exe
2014-01-07 19:41 . 2013-04-29 14:46 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-12-19 20:33 . 2013-05-17 21:13 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-19 20:33 . 2013-05-17 21:13 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-19 20:33 . 2013-05-17 21:12 3071656 ----a-w- c:\windows\system32\nvapi64.dll
2013-12-19 20:33 . 2013-05-17 21:12 2698272 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-12-19 20:33 . 2013-05-17 21:12 18310112 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-12-19 20:33 . 2010-03-25 22:53 15230352 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-12-19 18:53 . 2010-02-22 19:51 6671648 ----a-w- c:\windows\system32\nvcpl.dll
2013-12-19 18:53 . 2010-02-22 19:51 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-12-19 18:53 . 2010-02-22 19:51 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-12-19 18:53 . 2010-02-22 19:51 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-12-19 18:53 . 2010-02-22 19:51 386336 ----a-w- c:\windows\system32\nvmctray.dll
2013-12-19 18:53 . 2010-02-22 19:51 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-12-19 17:20 . 2013-12-19 17:20 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-12-18 22:46 . 2013-02-04 19:09 209192 ----a-w- c:\windows\SysWow64\atsckernel.exe
2013-12-18 11:13 . 2010-08-23 22:14 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-17 02:27 . 2013-12-17 02:27 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-17 02:27 . 2013-12-17 02:27 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-17 02:27 . 2013-12-17 02:27 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-17 02:27 . 2013-12-17 02:27 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-17 02:27 . 2013-12-17 02:27 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-17 02:27 . 2013-12-17 02:27 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-17 02:27 . 2013-12-17 02:27 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-17 02:27 . 2013-12-17 02:27 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-17 02:27 . 2013-12-17 02:27 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-17 02:27 . 2013-12-17 02:27 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-17 02:27 . 2013-12-17 02:27 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-17 02:27 . 2013-12-17 02:27 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-17 02:27 . 2013-12-17 02:27 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-17 02:27 . 2013-12-17 02:27 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-17 02:27 . 2013-12-17 02:27 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-17 02:27 . 2013-12-17 02:27 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-17 02:27 . 2013-12-17 02:27 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-17 02:27 . 2013-12-17 02:27 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-17 02:27 . 2013-12-17 02:27 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-17 02:27 . 2013-12-17 02:27 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-17 02:27 . 2013-12-17 02:27 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-17 02:27 . 2013-12-17 02:27 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-17 02:27 . 2013-12-17 02:27 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-17 02:27 . 2013-12-17 02:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-17 02:27 . 2013-12-17 02:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-17 02:27 . 2013-12-17 02:27 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-17 02:27 . 2013-12-17 02:27 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-17 02:27 . 2013-12-17 02:27 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-17 02:27 . 2013-12-17 02:27 413696 ----a-w- c:\windows\system32\html.iec
2013-12-17 02:27 . 2013-12-17 02:27 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-17 02:27 . 2013-12-17 02:27 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-17 02:27 . 2013-12-17 02:27 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-17 02:27 . 2013-12-17 02:27 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-17 02:27 . 2013-12-17 02:27 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-17 02:27 . 2013-12-17 02:27 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-17 02:27 . 2013-12-17 02:27 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-17 02:27 . 2013-12-17 02:27 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-17 02:27 . 2013-12-17 02:27 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-17 02:27 . 2013-12-17 02:27 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-17 02:27 . 2013-12-17 02:27 235520 ----a-w- c:\windows\system32\url.dll
2013-12-17 02:27 . 2013-12-17 02:27 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-17 02:27 . 2013-12-17 02:27 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-17 02:27 . 2013-12-17 02:27 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-17 02:27 . 2013-12-17 02:27 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-17 02:27 . 2013-12-17 02:27 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-17 02:27 . 2013-12-17 02:27 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-17 02:27 . 2013-12-17 02:27 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-17 02:27 . 2013-12-17 02:27 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-17 02:27 . 2013-12-17 02:27 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-17 02:27 . 2013-12-17 02:27 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-17 02:27 . 2013-12-17 02:27 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-17 02:27 . 2013-12-17 02:27 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-17 02:27 . 2013-12-17 02:27 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-17 02:27 . 2013-12-17 02:27 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-17 02:27 . 2013-12-17 02:27 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-17 02:27 . 2013-12-17 02:27 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-17 02:27 . 2013-12-17 02:27 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-17 02:27 . 2013-12-17 02:27 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-17 02:27 . 2013-12-17 02:27 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-10 02:13 . 2013-11-13 17:30 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-11-13 17:30 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-05 08:42 . 2013-08-21 22:13 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-12-01 19:42 . 2010-09-08 20:59 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-26 11:54 . 2013-12-18 01:40 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-18 01:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-18 01:40 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-18 01:40 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-18 01:40 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-18 01:40 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-18 01:40 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-18 01:40 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-18 01:40 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-18 01:40 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-18 01:40 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-18 01:40 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-18 01:40 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-18 01:40 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-18 01:40 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-18 01:40 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-18 01:40 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-18 01:40 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Bubba7420\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 4\StartupManager.exe" [2014-01-06 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FtpServer.exe"="c:\program files (x86)\Sharp\Sharpdesk\FtpServer.exe" [2010-12-02 820224]
"IndexTray.exe"="c:\program files (x86)\Sharp\Sharpdesk\IndexTray.exe" [2010-12-02 395264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Bubba7420\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
Rizone Memory Booster.lnk - c:\users\Bubba7420\Desktop\Datum Memory Booster\memBoost.exe /smin [2013-1-30 534397]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2013-2-26 8486264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 20:27 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CSEntService;CS-Enterprise Application Server Service;c:\csremote38\jdk1.6.0_10\bin\java.exe;c:\csremote38\jdk1.6.0_10\bin\java.exe [x]
R2 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MFE_RR;MFE_RR;c:\users\BUBBA7~1\AppData\Local\Temp\mfe_rr.sys;c:\users\BUBBA7~1\AppData\Local\Temp\mfe_rr.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys;c:\windows\SYSNATIVE\DRIVERS\qrkis.sys [x]
R3 SBUpdd;SpeedBit UpdateD;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BotkindSyncService;Botkind Service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service [x]
R4 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [x]
R4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
R4 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\CA\PCPitstopScheduleService.exe;c:\program files (x86)\CA\PCPitstopScheduleService.exe [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
R4 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe;c:\program files\Sony\VAIO Care\collsvc.exe [x]
R4 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [x]
R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [x]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
R4 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [x]
R4 UmxCfg;HIPS Configuration Interpreter;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe [x]
R4 UmxPol;HIPS Policy Manager;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe [x]
R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R4 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe;c:\program files\Sony\VAIO Update 5\VUAgent.exe [x]
S0 cumon;cumon;c:\windows\system32\drivers\cumon.sys;c:\windows\SYSNATIVE\drivers\cumon.sys [x]
S0 Evdd;Evdd;c:\windows\system32\drivers\evdd.sys;c:\windows\SYSNATIVE\drivers\evdd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140121.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20140123.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20140123.001\IDSvia64.sys [x]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys;c:\windows\SYSNATIVE\DRIVERS\kmxagent.sys [x]
S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys;c:\windows\SYSNATIVE\DRIVERS\kmxcfg.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 CPMService;COMODO Programs Manager Service;c:\program files\COMODO\COMODO Programs Manager\CPMService.exe;c:\program files\COMODO\COMODO Programs Manager\CPMService.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 pgsql-8.2;pgsql-8.2;c:/postgres/bin/pg_ctl.exe runservice -N pgsql-8.2 -D c:/postgres/data;c:/postgres/bin/pg_ctl.exe runservice -N pgsql-8.2 -D c:/postgres/data [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Tomcat6;Apache Tomcat;c:\apache-tomcat-6.0.18\bin\tomcat6.exe;c:\apache-tomcat-6.0.18\bin\tomcat6.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-22 22:28 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-31 17:31]
.
2014-01-24 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-01-06 08:37]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 22:27]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 22:27]
.
2014-01-24 c:\windows\Tasks\Indexing Task - Bubba7420.job
- c:\program files (x86)\Sharp\Sharpdesk\IndexTask.exe [2010-12-02 08:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-02 18:33 2331336 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-02 18:33 2331336 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-02 18:33 2331336 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-01-30 23:48 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-01-30 23:48 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2012-10-29 551640]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Open with PDF Viewer 7 - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{50236466-563E-46EF-A3A8-B9D5D3DB36F7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468}
FF - ProfilePath - c:\users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{DD4A10D0-0524-52BC-9E13-D94CB85B6901} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{11111111-1111-1111-1111-110311391106} - (no file)
BHO-{DD4A10D0-0524-52BC-9E13-D94CB85B6901} - (no file)
BHO-{E97FB87B-EE94-44EB-8848-585DAF54B2DF} - (no file)
BHO-{FC4DBA8C-2CC8-4741-BCE5-ADAC3EEA50B0} - c:\program files (x86)\Bee Coupons\FrameworkBHO64.dll
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pgsql-8.2]
"ImagePath"="c:/postgres/bin/pg_ctl.exe runservice -N \"pgsql-8.2\" -D \"c:/postgres/data\""
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pgsql-8.2]
"ImagePath"="c:/postgres/bin/pg_ctl.exe runservice -N \"pgsql-8.2\" -D \"c:/postgres/data\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4239118280-1108664372-1866556713-1004\Software\SecuROM\License information*]
"datasecu"=hex:36,69,18,67,bc,65,e3,89,cc,97,85,1d,d6,ed,94,f6,f3,a2,28,25,c3,
   6c,42,f5,2d,f2,10,c3,1e,5c,6d,5e,45,8b,e5,c1,db,fe,0c,59,48,00,94,05,58,60,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-24  11:16:02
ComboFix-quarantined-files.txt  2014-01-24 16:16
.
Pre-Run: 248,728,137,728 bytes free
Post-Run: 248,856,899,584 bytes free
.
- - End Of File - - D2F5BD8D308227488AE96F9F3E02C727


#6 scubaman2009

Posted 24 January 2014 - 01:23 PM

Gringo, after closing the log I saw that I did have one of those "Illegal operation attempted on a registry key that has been marked for deletion." messages, so I restarted my computer afterwards. Just wanted to let you know.



#7 gringo_pr


Posted 24 January 2014 - 06:53 PM


Hello scubaman2009

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#8 scubaman2009

Posted 25 January 2014 - 03:06 PM

Gringo

The log below is the log from the ComboFix program. As far as any problems, there weren't any; I didn't have the "Illegal operation attempted on a registry key that has been marked for deletion." error message. The computer seems OK, still running slow though, but I still have the un-removable Bee Coupons extension, pop-ups, words on the page turned into links with popup ads, and there are extra ads on the page.

 

look forward to hearing from you

 

Scuba

---------------------------------------------------------------------------------------------------------------

 

ComboFix 14-01-23.02 - Bubba7420 01/25/2014  14:28:12.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6126.3860 [GMT -5:00]
Running from: c:\users\Bubba7420\Downloads\ComboFix.exe
Command switches used :: c:\users\Bubba7420\Desktop\CFScript.txt
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-25 to 2014-01-25  )))))))))))))))))))))))))))))))
.
.
2014-01-25 19:50 . 2014-01-25 19:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-25 19:50 . 2014-01-25 19:50 -------- d-----w- c:\users\postgres\AppData\Local\temp
2014-01-25 19:50 . 2014-01-25 19:50 -------- d-----w- c:\users\postgres.Bubba7420-VAIO\AppData\Local\temp
2014-01-25 19:50 . 2014-01-25 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-25 19:23 . 2014-01-25 19:23 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89CA1DE2-30D3-4A60-9BC3-519A658C1E82}\offreg.dll
2014-01-24 16:58 . 2013-12-16 06:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89CA1DE2-30D3-4A60-9BC3-519A658C1E82}\mpengine.dll
2014-01-22 23:50 . 2014-01-22 23:50 -------- d-----w- c:\windows\ERUNT
2014-01-22 16:07 . 2014-01-22 16:07 -------- d-----w- c:\users\Bubba7420\AppData\Local\Anvisoft
2014-01-22 01:38 . 2014-01-22 01:38 -------- d-----w- c:\program files\Enigma Software Group
2014-01-22 01:37 . 2014-01-22 23:05 -------- d-----w- c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-21 23:20 . 2014-01-21 23:20 -------- d-----w- c:\users\Bubba7420\AppData\Local\BenchUpdater
2014-01-21 23:19 . 2014-01-21 23:20 -------- d-----w- c:\users\Bubba7420\AppData\Local\Bee Coupons
2014-01-21 22:00 . 2014-01-21 22:00 -------- d-----w- c:\program files (x86)\Common Files\Brother
2014-01-18 18:52 . 2014-01-18 18:52 -------- d-----w- c:\users\Bubba7420\AppData\Local\LogMeIn Client
2014-01-15 15:20 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 15:20 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 15:20 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 15:20 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 15:20 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 15:20 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 15:20 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 15:20 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 15:20 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 01:29 . 2014-01-15 01:29 -------- d-----w- c:\programdata\Oracle
2014-01-15 01:28 . 2014-01-15 01:28 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-15 01:28 . 2013-12-19 02:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-12 22:04 . 2014-01-12 22:04 53248 ----a-r- c:\users\Bubba7420\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-01-12 22:04 . 2014-01-12 22:04 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2014-01-12 22:03 . 2014-01-22 19:16 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-01-12 22:03 . 2014-01-12 22:04 -------- d-----w- c:\programdata\Logishrd
2014-01-12 22:02 . 2014-01-12 22:02 -------- d-----w- c:\program files\Logitech
2014-01-12 22:02 . 2014-01-12 22:03 -------- d-----w- c:\program files\Common Files\Logishrd
2014-01-12 21:57 . 2014-01-12 22:04 -------- d-----w- c:\users\Bubba7420\AppData\Roaming\Logitech
2014-01-12 21:57 . 2014-01-12 21:57 -------- d-----w- c:\users\Bubba7420\AppData\Roaming\Logishrd
2014-01-11 22:12 . 2014-01-11 22:12 -------- d-----w- c:\program files (x86)\Bulk Rename Utility
2014-01-08 21:33 . 2014-01-08 21:36 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-08 18:13 . 2014-01-08 18:13 -------- d-----w- C:\found.007
2014-01-08 16:51 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-01-08 16:51 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-01-08 16:51 . 2010-05-26 16:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-01-08 16:51 . 2010-05-26 16:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-01-08 16:51 . 2010-05-26 16:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-01-08 16:45 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-01-08 16:45 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-01-07 23:37 . 2014-01-07 23:38 -------- d-----w- C:\postgres
2014-01-07 23:37 . 2014-01-07 23:38 -------- d-----w- C:\apache-tomcat-6.0.18
2014-01-07 23:33 . 2014-01-07 23:37 -------- d-----w- C:\csremote38
2014-01-07 23:30 . 2014-01-07 23:30 -------- d-----w- C:\harmony1857jre1745
2014-01-07 20:06 . 2011-09-05 15:12 27968 ----a-w- c:\windows\system32\cpmnat.exe
2014-01-06 19:58 . 2011-09-05 15:14 205512 ----a-w- c:\windows\system32\drivers\cumon.sys
2014-01-06 19:55 . 2011-09-05 15:14 19568 ----a-w- c:\windows\system32\drivers\evdd.sys
2014-01-06 19:38 . 2014-01-06 19:41 -------- d-----w- c:\program files\COMODO
2014-01-03 14:27 . 2014-01-03 14:27 -------- d-----w- C:\Catalog_Kiosk
2013-12-31 18:46 . 2014-01-06 19:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-12-30 21:06 . 2013-12-17 05:35 117024 ----a-w- c:\windows\system32\BootDefrag.exe
2013-12-30 20:53 . 2013-12-30 20:53 -------- d-----w- c:\users\Bubba7420\AppData\Local\Packages
2013-12-30 20:53 . 2014-01-03 14:20 -------- d-----w- c:\programdata\1f822a3af94b5085
2013-12-30 20:53 . 2013-12-30 20:53 -------- d-----w- c:\users\Bubba7420\AppData\Local\Comodo
2013-12-30 20:53 . 2013-12-30 20:53 -------- d-----w- c:\users\HomeGroupUser$
2013-12-30 20:53 . 2013-12-30 20:53 -------- d-----w- c:\users\Guest
2013-12-30 20:53 . 2013-12-30 20:53 -------- d-----w- c:\users\Administrator
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-18 17:31 . 2013-01-31 01:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-18 17:31 . 2013-01-31 01:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-07 19:41 . 2013-04-29 14:46 249856 ------w- c:\windows\Setup1.exe
2014-01-07 19:41 . 2013-04-29 14:46 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-12-19 20:33 . 2013-05-17 21:13 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-19 20:33 . 2013-05-17 21:13 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-19 20:33 . 2013-05-17 21:12 3071656 ----a-w- c:\windows\system32\nvapi64.dll
2013-12-19 20:33 . 2013-05-17 21:12 2698272 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-12-19 20:33 . 2013-05-17 21:12 18310112 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-12-19 20:33 . 2010-03-25 22:53 15230352 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-12-19 18:53 . 2010-02-22 19:51 6671648 ----a-w- c:\windows\system32\nvcpl.dll
2013-12-19 18:53 . 2010-02-22 19:51 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-12-19 18:53 . 2010-02-22 19:51 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-12-19 18:53 . 2010-02-22 19:51 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-12-19 18:53 . 2010-02-22 19:51 386336 ----a-w- c:\windows\system32\nvmctray.dll
2013-12-19 18:53 . 2010-02-22 19:51 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-12-19 17:20 . 2013-12-19 17:20 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-12-18 22:46 . 2013-02-04 19:09 209192 ----a-w- c:\windows\SysWow64\atsckernel.exe
2013-12-18 11:13 . 2010-08-23 22:14 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-17 02:27 . 2013-12-17 02:27 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-17 02:27 . 2013-12-17 02:27 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-17 02:27 . 2013-12-17 02:27 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-17 02:27 . 2013-12-17 02:27 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-17 02:27 . 2013-12-17 02:27 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-17 02:27 . 2013-12-17 02:27 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-17 02:27 . 2013-12-17 02:27 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-17 02:27 . 2013-12-17 02:27 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-17 02:27 . 2013-12-17 02:27 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-17 02:27 . 2013-12-17 02:27 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-17 02:27 . 2013-12-17 02:27 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-17 02:27 . 2013-12-17 02:27 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-17 02:27 . 2013-12-17 02:27 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-17 02:27 . 2013-12-17 02:27 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-17 02:27 . 2013-12-17 02:27 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-17 02:27 . 2013-12-17 02:27 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-17 02:27 . 2013-12-17 02:27 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-17 02:27 . 2013-12-17 02:27 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-17 02:27 . 2013-12-17 02:27 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-17 02:27 . 2013-12-17 02:27 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-17 02:27 . 2013-12-17 02:27 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-17 02:27 . 2013-12-17 02:27 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-17 02:27 . 2013-12-17 02:27 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-17 02:27 . 2013-12-17 02:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-17 02:27 . 2013-12-17 02:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-17 02:27 . 2013-12-17 02:27 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-17 02:27 . 2013-12-17 02:27 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-17 02:27 . 2013-12-17 02:27 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-17 02:27 . 2013-12-17 02:27 413696 ----a-w- c:\windows\system32\html.iec
2013-12-17 02:27 . 2013-12-17 02:27 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-17 02:27 . 2013-12-17 02:27 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-17 02:27 . 2013-12-17 02:27 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-17 02:27 . 2013-12-17 02:27 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-17 02:27 . 2013-12-17 02:27 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-17 02:27 . 2013-12-17 02:27 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-17 02:27 . 2013-12-17 02:27 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-17 02:27 . 2013-12-17 02:27 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-17 02:27 . 2013-12-17 02:27 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-17 02:27 . 2013-12-17 02:27 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-17 02:27 . 2013-12-17 02:27 235520 ----a-w- c:\windows\system32\url.dll
2013-12-17 02:27 . 2013-12-17 02:27 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-17 02:27 . 2013-12-17 02:27 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-17 02:27 . 2013-12-17 02:27 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-17 02:27 . 2013-12-17 02:27 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-17 02:27 . 2013-12-17 02:27 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-17 02:27 . 2013-12-17 02:27 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-17 02:27 . 2013-12-17 02:27 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-17 02:27 . 2013-12-17 02:27 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-17 02:27 . 2013-12-17 02:27 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-17 02:27 . 2013-12-17 02:27 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-17 02:27 . 2013-12-17 02:27 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-17 02:27 . 2013-12-17 02:27 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-17 02:27 . 2013-12-17 02:27 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-17 02:27 . 2013-12-17 02:27 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-17 02:27 . 2013-12-17 02:27 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-17 02:27 . 2013-12-17 02:27 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-17 02:27 . 2013-12-17 02:27 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-17 02:27 . 2013-12-17 02:27 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-17 02:27 . 2013-12-17 02:27 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-10 02:13 . 2013-11-13 17:30 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-11-13 17:30 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-05 08:42 . 2013-08-21 22:13 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-12-01 19:42 . 2010-09-08 20:59 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-26 11:54 . 2013-12-18 01:40 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-18 01:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-18 01:40 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-18 01:40 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-18 01:40 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-18 01:40 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-18 01:40 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-18 01:40 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-18 01:40 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-18 01:40 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-18 01:40 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-18 01:40 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-18 01:40 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-18 01:40 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-18 01:40 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-18 01:40 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-18 01:40 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-18 01:40 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Bubba7420\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 4\StartupManager.exe" [2014-01-06 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FtpServer.exe"="c:\program files (x86)\Sharp\Sharpdesk\FtpServer.exe" [2010-12-02 820224]
"IndexTray.exe"="c:\program files (x86)\Sharp\Sharpdesk\IndexTray.exe" [2010-12-02 395264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Bubba7420\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
Rizone Memory Booster.lnk - c:\users\Bubba7420\Desktop\Datum Memory Booster\memBoost.exe /smin [2013-1-30 534397]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2013-2-26 8486264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 20:27 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CSEntService;CS-Enterprise Application Server Service;c:\csremote38\jdk1.6.0_10\bin\java.exe;c:\csremote38\jdk1.6.0_10\bin\java.exe [x]
R2 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MFE_RR;MFE_RR;c:\users\BUBBA7~1\AppData\Local\Temp\mfe_rr.sys;c:\users\BUBBA7~1\AppData\Local\Temp\mfe_rr.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys;c:\windows\SYSNATIVE\DRIVERS\qrkis.sys [x]
R3 SBUpdd;SpeedBit UpdateD;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BotkindSyncService;Botkind Service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service [x]
R4 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [x]
R4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
R4 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\CA\PCPitstopScheduleService.exe;c:\program files (x86)\CA\PCPitstopScheduleService.exe [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
R4 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe;c:\program files\Sony\VAIO Care\collsvc.exe [x]
R4 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [x]
R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [x]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
R4 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [x]
R4 UmxCfg;HIPS Configuration Interpreter;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe [x]
R4 UmxPol;HIPS Policy Manager;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe [x]
R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R4 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe;c:\program files\Sony\VAIO Update 5\VUAgent.exe [x]
S0 cumon;cumon;c:\windows\system32\drivers\cumon.sys;c:\windows\SYSNATIVE\drivers\cumon.sys [x]
S0 Evdd;Evdd;c:\windows\system32\drivers\evdd.sys;c:\windows\SYSNATIVE\drivers\evdd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140121.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20140123.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20140123.001\IDSvia64.sys [x]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys;c:\windows\SYSNATIVE\DRIVERS\kmxagent.sys [x]
S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys;c:\windows\SYSNATIVE\DRIVERS\kmxcfg.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 CPMService;COMODO Programs Manager Service;c:\program files\COMODO\COMODO Programs Manager\CPMService.exe;c:\program files\COMODO\COMODO Programs Manager\CPMService.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 pgsql-8.2;pgsql-8.2;c:/postgres/bin/pg_ctl.exe runservice -N pgsql-8.2 -D c:/postgres/data;c:/postgres/bin/pg_ctl.exe runservice -N pgsql-8.2 -D c:/postgres/data [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Tomcat6;Apache Tomcat;c:\apache-tomcat-6.0.18\bin\tomcat6.exe;c:\apache-tomcat-6.0.18\bin\tomcat6.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-22 22:28 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-31 17:31]
.
2014-01-25 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-01-06 08:37]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 22:27]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 22:27]
.
2014-01-24 c:\windows\Tasks\Indexing Task - Bubba7420.job
- c:\program files (x86)\Sharp\Sharpdesk\IndexTask.exe [2010-12-02 08:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC4DBA8C-2CC8-4741-BCE5-ADAC3EEA50B0}]
c:\program files (x86)\Bee Coupons\FrameworkBHO64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-02 18:33 2331336 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-02 18:33 2331336 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-02 18:33 2331336 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-01-30 23:48 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-01-30 23:48 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2012-10-29 551640]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Open with PDF Viewer 7 - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{50236466-563E-46EF-A3A8-B9D5D3DB36F7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468}
FF - ProfilePath - c:\users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{DD4A10D0-0524-52BC-9E13-D94CB85B6901} - (no file)
BHO-{11111111-1111-1111-1111-110311391106} - (no file)
BHO-{E97FB87B-EE94-44EB-8848-585DAF54B2DF} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pgsql-8.2]
"ImagePath"="c:/postgres/bin/pg_ctl.exe runservice -N \"pgsql-8.2\" -D \"c:/postgres/data\""
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pgsql-8.2]
"ImagePath"="c:/postgres/bin/pg_ctl.exe runservice -N \"pgsql-8.2\" -D \"c:/postgres/data\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4239118280-1108664372-1866556713-1004\Software\SecuROM\License information*]
"datasecu"=hex:36,69,18,67,bc,65,e3,89,cc,97,85,1d,d6,ed,94,f6,f3,a2,28,25,c3,
   6c,42,f5,2d,f2,10,c3,1e,5c,6d,5e,45,8b,e5,c1,db,fe,0c,59,48,00,94,05,58,60,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-25  14:53:56
ComboFix-quarantined-files.txt  2014-01-25 19:53
ComboFix2.txt  2014-01-24 16:16
.
Pre-Run: 245,764,345,856 bytes free
Post-Run: 245,843,148,800 bytes free
.
- - End Of File - - 9CD1DF5F6F6FE2F4CE913D1C631E3D80


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:46 AM

Posted 25 January 2014 - 10:03 PM

Hello

In which browser does this happen?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 scubaman2009

Posted 26 January 2014 - 07:24 PM

gringo

Chrome and Internet Explorer



#11 gringo_pr

Posted 26 January 2014 - 08:50 PM


Hello scubaman2009

First, I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following:
  • Start Internet Explorer.
  • Click on "Safety".
  • Click on "Delete Browsing History".
  • Make sure all boxes are checked.
  • Click on "Delete".
  • Click on "Tools".
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset".
  • Put a check mark next to "Delete Personal Settings".
  • Click "Reset" to confirm.
  • When complete, click the "Close" button.
  • Restart IE.
Gringo

#12 scubaman2009


Posted 26 January 2014 - 08:57 PM

I don't see a fixit button?



#13 scubaman2009


Posted 26 January 2014 - 09:56 PM

Gringo

So I reset all of the settings in IE.

It is still affected; it shows in the add-ons list as enabled and I can't disable it. I still have popups, words turning into links, etc.



#14 gringo_pr


Posted 27 January 2014 - 12:42 AM



Hello scubaman2009

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo

#15 scubaman2009


Posted 27 January 2014 - 10:45 AM

gringo,

Please see the attached log. I ran the OTL program and had no issues.

OTL logfile created on: 1/27/2014 9:57:59 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bubba7420\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.98 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 71.47% Memory free
11.96 Gb Paging File | 9.36 Gb Available in Paging File | 78.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.41 Gb Total Space | 223.48 Gb Free Space | 38.11% Space Free | Partition Type: NTFS
Drive Y: | 298.00 Gb Total Space | 151.98 Gb Free Space | 51.00% Space Free | Partition Type: NTFS
Drive Z: | 298.00 Gb Total Space | 166.21 Gb Free Space | 55.78% Space Free | Partition Type: NTFS
 
Computer Name: BUBBA7420-VAIO | User Name: Bubba7420 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bubba7420\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Glary Utilities 4\Integrator.exe (Glarysoft Ltd)
PRC - C:\Users\Bubba7420\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
PRC - C:\Users\Bubba7420\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology)
PRC - C:\Users\Bubba7420\Desktop\Datum Memory Booster\memBoost.exe ()
PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\SHARP\Sharpdesk\FTPServer.exe (SHARP CORPORATION)
PRC - C:\Program Files (x86)\SHARP\Sharpdesk\nsapp.exe (SHARP CORPORATION)
PRC - C:\Program Files (x86)\SHARP\Sharpdesk\Indexer.exe (SHARP CORPORATION)
PRC - C:\Program Files (x86)\SHARP\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Sony\VAIO Care\VCSpt.exe (Sony Corporation)
PRC - c:\apache-tomcat-6.0.18\bin\tomcat6.exe (Apache Software Foundation)
PRC - c:\postgres\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - c:\postgres\bin\postgres.exe (PostgreSQL Global Development Group)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Glary Utilities 4\zlib1.dll ()
MOD - C:\Users\Bubba7420\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Bubba7420\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Users\Bubba7420\Desktop\Datum Memory Booster\memBoost.exe ()
MOD - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\wincfi39.dll ()
MOD - C:\Program Files (x86)\SHARP\Sharpdesk\SCprMfpif.dll ()
MOD - C:\Program Files (x86)\SHARP\Sharpdesk\discoveryps.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (SBUpd) -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe (Speedbit Ltd.)
SRV:64bit: - (WTabletServiceCon) -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.)
SRV:64bit: - (CPMService) -- C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe ()
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV:64bit: - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Sony of America Corporation)
SRV:64bit: - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV:64bit: - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SRV - (N360) -- C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (File Backup) -- C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (BotkindSyncService) -- C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe ()
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (CSEntService) -- C:\csremote38\jdk1.6.0_10\bin\java.exe (Sun Microsystems, Inc.)
SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (PCPitstop Scheduling) -- C:\Program Files (x86)\CA\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (UmxPol) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (UmxCfg) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (Tomcat6) -- c:\apache-tomcat-6.0.18\bin\tomcat6.exe (Apache Software Foundation)
SRV - (pgsql-8.2) -- c:\postgres\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (DIRECTIO) -- C:\Program Files\PerformanceTest\DirectIo64.sys File not found
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SBUpdd) -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology)
DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Evdd) -- C:\Windows\SysNative\drivers\evdd.sys ()
DRV:64bit: - (cumon) -- C:\Windows\SysNative\drivers\cumon.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (KmxAgent) -- C:\Windows\SysNative\drivers\KmxAgent.sys (CA)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (qrkis) -- C:\Windows\SysNative\drivers\qrkis.sys (Tether)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (KmxCfg) -- C:\Windows\SysNative\drivers\KmxCfg.sys (CA)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
DRV:64bit: - (SNTUSB64) -- C:\Windows\SysNative\drivers\SNTUSB64.SYS (SafeNet, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20140126.024\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20140126.024\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20140124.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140121.001\BHDrvx64.sys (Symantec Corporation)
DRV - (BootDefragDriver) -- C:\Windows\SysWOW64\drivers\BootDefragDriver.sys (<Glarysoft Ltd>)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..extensions.enabledAddons: anticontainer%40downthemall.net:1.3
FF - prefs.js..extensions.enabledAddons: loadcontrol%40mcphate.org:0.3
FF - prefs.js..extensions.enabledAddons: openlinkintab%40piro.sakura.ne.jp:0.1.2013100801
FF - prefs.js..extensions.enabledAddons: snt%40dotlabs.co:1.0
FF - prefs.js..extensions.enabledAddons: tabkit2%40pikachuexe.amateur.hk:0.10.4
FF - prefs.js..extensions.enabledAddons: %7B39952c40-5197-11da-8cd6-0800200c9a66%7D:0.5.5
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.2.02
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:5.3.2
FF - prefs.js..extensions.enabledAddons: TooManyTabs%40visibotech.com:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll File not found
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Bubba7420\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Bubba7420\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Bubba7420\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Bubba7420\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Bubba7420\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2014/01/27 09:01:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/09/23 10:28:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/07/18 21:54:16 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFF [2014/01/22 18:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/01/12 17:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/23 14:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/23 14:38:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
[2012/10/04 18:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Extensions
[2010/09/08 21:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/01/07 13:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\extensions
[2013/01/28 19:51:13 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2014/01/26 21:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions
[2014/01/23 19:59:47 | 000,000,000 | ---D | M] ("Flash Video Downloader") -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\artur.dubovoy@gmail.com
[2014/01/26 21:10:40 | 000,000,000 | ---D | M] (Applon Support) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\jid1-RYwhP9dQdGfXkQ@jetpack
[2014/01/26 21:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\staged
[2014/01/23 20:03:23 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\TooManyTabs@visibotech.com
[2014/01/23 20:05:08 | 000,000,000 | ---D | M] ("New Tab Plus") -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\weidunewtab@gmail.com
[2014/01/26 20:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\z7c331ee.default\extensions
[2013/12/18 18:39:06 | 000,098,595 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\anticontainer@downthemall.net.xpi
[2013/06/20 17:37:46 | 000,190,765 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\jid0-XXocAsQYPfKHSY8ebTi0VcX8eNQ@jetpack.xpi
[2013/11/14 20:18:52 | 000,010,202 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\loadcontrol@mcphate.org.xpi
[2013/10/21 12:42:39 | 000,103,613 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\openlinkintab@piro.sakura.ne.jp.xpi
[2013/12/16 06:46:36 | 000,004,388 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\snt@dotlabs.co.xpi
[2013/11/14 20:18:52 | 000,221,726 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\tabkit2@pikachuexe.amateur.hk.xpi
[2014/01/20 13:04:42 | 000,103,990 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\tabutils@ithinc.cn.xpi
[2013/04/11 18:52:38 | 000,043,104 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}.xpi
[2013/10/31 15:07:22 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/06/15 16:30:47 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/12/13 17:37:14 | 000,085,117 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\z7c331ee.default\extensions\contact@dislikenow.com.xpi
[2012/12/12 18:56:33 | 000,031,775 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\z7c331ee.default\extensions\firedownload@mozilla.org.xpi
[2012/12/12 18:56:31 | 000,104,361 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\z7c331ee.default\extensions\tabutils@ithinc.cn.xpi
[2013/01/05 16:05:01 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\z7c331ee.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2013/01/27 14:00:03 | 000,271,097 | ---- | M] () (No name found) -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\z7c331ee.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
[2013/08/22 15:13:48 | 000,000,915 | ---- | M] () -- C:\Users\Bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\m2ous4aj.default\searchplugins\yahoo.xml
[2014/01/22 13:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/23 14:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/23 14:38:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/ig
CHR - Extension: Sandglaz = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\adcnghffffopmjobbaabboiflpcchljd\2.7.1_0\
CHR - Extension: Google Drive = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Billomat = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakjgjgbfahihjaldnflgbikaakfkldi\1.0_0\
CHR - Extension: MindMeister = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm\2.1.3_0\
CHR - Extension: Less Annoying CRM = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjiddacoabcloecailojkglecpliblik\3.0.6_0\
CHR - Extension: Cash Organizer = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppdehaogjdmkkiaiokmjdjmjnjicddk\2.0.0.77_0\
CHR - Extension: QuickBooks = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimncnjihlhfmagneecomiloklpjeagl\67_0\
CHR - Extension: Weebly - Website Builder = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb\1.0.5_0\
CHR - Extension: Contractor Estimating Invoicing Tool by Joist = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchangnkakeaagmbonhphpianeoklfml\0.0.0.5_0\
CHR - Extension: Yendo CRM = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\eielibmdccfjcabecfjhiopmjmhgknlc\104_0\
CHR - Extension: MailChimp = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe\1.1_0\
CHR - Extension: Google Calendar = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Quote Roller = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonldhmaohklgbbbhpbaajfgafbdlegp\1.2.2_0\
CHR - Extension: Bee Coupons = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbkfpidjhchgnokamccdemjfamackdh\1.0_1\
CHR - Extension: Appointment Booking by vCita = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcikfaipmlolhemioniebofcbmkpnami\1.2.0_0\
CHR - Extension: TeamGantt Project Management = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcoffgicdhbbbpdopfhaemdbdglnkcok\2.4_0\
CHR - Extension: Insightly = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkopngnjabiaaibfkfgjhgdfpoholppn\6.2_0\
CHR - Extension: Podio = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfhmmbhaifchbdlhlfcoildocgmbleb\2.0.2_0\
CHR - Extension: GanttChart = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippohddakbehhmbjhaoneeeoemnijogb\5_0\
CHR - Extension: Sellsy = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnefndonldjccbibcfnobmdminlhjfoc\1.2_0\
CHR - Extension: WORKetc CRM + Projects = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdlahiphbfdglckbfaclomhiohkmjgci\1.0.0.5_0\
CHR - Extension: Free Invoice Maker = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebnkbogolcjifklpmgidaaoogjflajp\0.0.0.1_0\
CHR - Extension: HootSuite = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\
CHR - Extension: Wave Accounting = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa\1.9.5_0\
CHR - Extension: Evernote Web = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Cube Time & Expense Tracking = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenheondoadkgoodcgmcijcoiahhemch\3.0_0\
CHR - Extension: Google Wallet = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Salesforce.com = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooaoeobbhfgkohkegpbidjjnkhjfccao\1.2_0\
CHR - Extension: Gmail = C:\Users\Bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/01/24 11:12:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (no name) - {11111111-1111-1111-1111-110311391106} - No CLSID value found.
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (no name) - {E97FB87B-EE94-44EB-8848-585DAF54B2DF} - No CLSID value found.
O2:64bit: - BHO: (Bee Coupons BHO) - {FC4DBA8C-2CC8-4741-BCE5-ADAC3EEA50B0} - C:\Program Files (x86)\Bee Coupons\FrameworkBHO64.dll File not found
O2 - BHO: (Applon) - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - C:\Program Files (x86)\DeskTunes\Applon_ie.dll File not found
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {DD4A10D0-0524-52BC-9E13-D94CB85B6901} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [FtpServer.exe] C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [IndexTray.exe] C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
O4 - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004..\Run: [Akamai NetSession Interface] C:\Users\Bubba7420\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004..\Run: [GUDelayStartup] C:\Program Files (x86)\Glary Utilities 4\StartupManager.exe (Glarysoft Ltd)
O4 - Startup: C:\Users\Bubba7420\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bubba7420\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Bubba7420\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rizone Memory Booster.lnk = C:\Users\Bubba7420\Desktop\Datum Memory Booster\memBoost.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4239118280-1108664372-1866556713-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - C:\Program Files (x86)\DeskTunes\Applon_ie.dll File not found
O9 - Extra 'Tools' menuitem : Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - C:\Program Files (x86)\DeskTunes\Applon_ie.dll File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab (Reg Error: Key error.)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} Reg Error: Value error. (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T29L10NSP1-17055/support/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50236466-563E-46EF-A3A8-B9D5D3DB36F7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\sds - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\SHARP\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\Windows\SysWow64\UmxWNP.dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/11/15 15:39:49 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2014/01/21 20:38:40 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/25 14:54:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/25 14:24:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/01/24 16:53:54 | 000,000,000 | ---D | C] -- C:\Users\Bubba7420\Desktop\Manufacturer logos
[2014/01/24 14:03:23 | 000,000,000 | ---D | C] -- C:\Users\Bubba7420\Desktop\Tile Stone and Countertops 01232014
[2014/01/24 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\Bubba7420\Desktop\Cabinetry 01232014
[2014/01/24 10:46:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/24 10:46:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/24 10:46:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/24 10:38:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/24 10:37:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/22 18:50:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/22 17:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/22 11:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2014/01/22 11:07:00 | 000,000,000 | ---D | C] -- C:\Users\Bubba7420\AppData\Local\Anvisoft
[2014/01/21 20:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/01/21 18:20:26 | 000,000,000 | ---D | C] -- C:\Users\Bubba7420\AppData\Local\BenchUpdater
[2014/01/21 18:19:43 | 000,000,000 | ---D | C] -- C:\Users\Bubba7420\AppData\Local\Bee Coupons
[2014/01/21 17:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Brother
[2014/01/21 16:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
[2014/01/21 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\Bubba7420\Desktop\Autodesk.AutoCAD.LT.2004
[2014/01/18 13:52:28 | 000,000,000 | ---D | C] -- C:\Users\Bubba7420\AppData\Local\LogMeIn Client
[2014/01/15 10:20:04 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 10:20:04 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 10:20:03 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 20:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/01/14 20:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/14 20:28:25 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/14 20:28:16 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/14 20:28:16 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/14 20:28:16 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/14 20:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/14 16:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Design
[2014/01/13 15:47:18 | 000,000,000 | --SD | C] -- C:\Users\Bubba7420\Documents\My Data Sources
[2014/01/12 17:04:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2014/01/12 17:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2014/01/12 17:03:49 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2014/01/12 17:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2014/01/12 17:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2014/01/12 17:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2014/01/12 17:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2014/01/12 16:57:24 | 000,000,000 | ---D | C] -- C:\Users\Bubba7420\AppData\Roaming\Logitech
[2014/01/12 16:57:24 | 000,000,000 | ---D | C] -- C:\Users\Bubba7420\AppData\Roaming\Logishrd
[2014/01/11 17:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
[2014/01/11 17:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bulk Rename Utility
[2014/01/08 16:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/08 13:13:20 | 000,000,000 | ---D | C] -- C:\found.007
[2014/01/08 11:55:59 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2014/01/08 11:55:58 | 030,372,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/01/08 11:55:58 | 022,960,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/01/08 11:55:58 | 018,222,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/01/08 11:55:58 | 015,877,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/01/08 11:55:58 | 011,554,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/01/08 11:55:58 | 009,657,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/01/08 11:55:58 | 003,132,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/01/08 11:55:58 | 003,125,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/01/08 11:55:58 | 002,947,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/01/08 11:55:58 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433221.dll
[2014/01/08 11:55:58 | 001,515,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2014/01/08 11:55:58 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433221.dll
[2014/01/08 11:55:58 | 000,882,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/01/08 11:55:58 | 000,879,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/01/08 11:55:58 | 000,852,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/01/08 11:55:58 | 000,847,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/01/08 11:55:58 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2014/01/08 11:55:57 | 025,257,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/01/08 11:55:57 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/01/08 11:55:57 | 011,605,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/01/08 11:55:57 | 009,700,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/01/08 11:55:57 | 002,747,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/01/08 11:51:25 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2014/01/08 11:51:25 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2014/01/08 11:51:22 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2014/01/08 11:51:22 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2014/01/08 11:51:16 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2014/01/08 11:45:03 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/01/08 11:45:03 | 000,032,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/01/07 18:37:37 | 000,000,000 | ---D | C] -- C:\postgres
[2014/01/07 18:37:34 | 000,000,000 | ---D | C] -- C:\apache-tomcat-6.0.18
[2014/01/07 18:33:26 | 000,000,000 | ---D | C] -- C:\csremote38
[2014/01/07 18:30:23 | 000,000,000 | ---D | C] -- C:\harmony1857jre1745
[2014/01/07 15:06:22 | 000,027,968 | ---- | C] (COMODO Security Solutions Inc.) -- C:\Windows\SysNative\cpmnat.exe
[2014/01/06 14:58:43 | 000,205,512 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cumon.sys
[2014/01/06 14:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2014/01/06 14:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2014/01/03 09:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crystal Product Catalog
[2014/01/03 09:27:13 | 000,000,000 | ---D | C] -- C:\Catalog_Kiosk
[2013/12/31 13:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/12/30 16:06:28 | 000,117,024 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe
[2013/12/30 15:53:36 | 000,000,000 | ---D | C] -- C:\Users\Bubba7420\AppData\Local\Packages
[2013/12/30 15:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\1f822a3af94b5085
[2013/12/30 15:53:22 | 000,000,000 | ---D | C] -- C:\Users\Bubba7420\AppData\Local\Comodo
[4 C:\Users\Bubba7420\Desktop\*.tmp files -> C:\Users\Bubba7420\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/27 09:37:21 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/27 09:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/27 09:19:42 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/27 09:19:42 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/27 09:06:56 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/27 09:00:25 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2014/01/27 08:59:31 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2014/01/27 08:56:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/27 08:56:14 | 522,760,191 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/26 22:15:28 | 000,050,488 | ---- | M] () -- C:\Windows\CUAppUsage.Dat
[2014/01/26 22:15:25 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7
[2014/01/26 22:15:25 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6
[2014/01/26 22:15:25 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5
[2014/01/26 22:15:25 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4
[2014/01/26 22:15:25 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3
[2014/01/26 22:15:25 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2
[2014/01/26 22:15:25 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1
[2014/01/26 22:15:25 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0
[2014/01/26 22:15:25 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2014/01/26 22:15:25 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2014/01/26 22:15:25 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2014/01/26 22:15:25 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2014/01/26 22:15:25 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
[2014/01/26 22:15:25 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2014/01/26 22:15:25 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2014/01/26 22:15:25 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2014/01/26 19:41:01 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\Indexing Task - Bubba7420.job
[2014/01/24 16:50:42 | 016,377,839 | ---- | M] () -- C:\Users\Bubba7420\Desktop\ENC2014.ZIP
[2014/01/24 16:43:56 | 000,043,567 | ---- | M] () -- C:\Users\Bubba7420\Desktop\t2.jpg
[2014/01/24 16:43:25 | 000,048,659 | ---- | M] () -- C:\Users\Bubba7420\Desktop\tank1.jpg
[2014/01/24 11:12:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/23 17:11:30 | 000,100,944 | ---- | M] () -- C:\Users\Bubba7420\Desktop\SketchUcationTools.rbz
[2014/01/23 15:43:20 | 000,088,370 | ---- | M] () -- C:\Users\Bubba7420\Desktop\REV #1_ 14-002 Bogel Residence kitchen 1_16^1.pdf
[2014/01/23 13:40:38 | 001,341,769 | ---- | M] () -- C:\Users\Bubba7420\Desktop\Tile Stone and Countertops 01232014.zip
[2014/01/23 13:40:35 | 001,278,556 | ---- | M] () -- C:\Users\Bubba7420\Desktop\Cabinetry 01232014.zip
[2014/01/23 10:34:49 | 000,009,897 | ---- | M] () -- C:\Users\Bubba7420\Desktop\taylor invoice.pdf
[2014/01/22 18:26:46 | 000,001,068 | ---- | M] () -- C:\Users\Bubba7420\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2014/01/22 18:26:46 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 4.lnk
[2014/01/22 18:25:09 | 000,002,243 | ---- | M] () -- C:\Users\Bubba7420\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/22 17:28:17 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/22 16:11:15 | 000,067,800 | ---- | M] () -- C:\Users\Bubba7420\Desktop\cc_20140122_161109.reg
[2014/01/22 14:16:33 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2014/01/22 14:07:15 | 000,076,649 | ---- | M] () -- C:\Users\Bubba7420\Desktop\screenshot.png
[2014/01/22 13:57:14 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD LT 2004.lnk
[2014/01/22 13:34:11 | 000,000,065 | -H-- | M] () -- C:\Users\Bubba7420\Desktop\POBLOCKI UPSTAIRS WETBAR1023.dwl
[2014/01/22 13:33:55 | 000,521,289 | ---- | M] () -- C:\Users\Bubba7420\Desktop\Revised 0724 taylor hood.dwg
[2014/01/22 12:39:23 | 000,000,166 | ---- | M] () -- C:\Users\Bubba7420\Desktop\backup.reg
[2014/01/22 10:15:50 | 005,207,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/21 20:38:40 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/01/21 18:20:03 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/01/21 17:00:19 | 000,001,867 | ---- | M] () -- C:\Users\Bubba7420\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
[2014/01/21 17:00:19 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\P-touch Address Book 1.1.lnk
[2014/01/21 16:57:09 | 000,001,862 | ---- | M] () -- C:\Users\Bubba7420\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2014/01/21 16:57:05 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\P-touch Update Software.lnk
[2014/01/21 16:15:40 | 000,000,384 | ---- | M] () -- C:\Windows\SysWow64\aclt.err
[2014/01/21 16:15:39 | 000,030,560 | ---- | M] () -- C:\acadminidump.dmp
[2014/01/21 16:15:39 | 000,003,066 | ---- | M] () -- C:\Windows\SysWow64\acltstk.dmp
[2014/01/21 16:14:30 | 000,003,863 | ---- | M] () -- C:\Users\Bubba7420\Documents\aclt.err
[2014/01/21 16:14:28 | 000,065,527 | ---- | M] () -- C:\Users\Bubba7420\Documents\acltstk.dmp
[2014/01/21 13:25:53 | 000,076,288 | ---- | M] () -- C:\Users\Bubba7420\Desktop\unnamed.jpg
[2014/01/20 16:07:46 | 000,002,440 | ---- | M] () -- C:\{A6449AB7-3583-4476-82DD-7F17A83562EA}
[2014/01/20 15:56:46 | 000,002,888 | ---- | M] () -- C:\{32C6B3AB-B8C3-456C-81E7-F9E521999661}
[2014/01/20 15:52:18 | 000,003,192 | ---- | M] () -- C:\{72CF18F5-F36A-42BD-9831-683418BDA427}
[2014/01/20 15:10:59 | 000,003,464 | ---- | M] () -- C:\{8D45DD25-AFF5-4182-BABE-24DA327E4FAC}
[2014/01/20 13:39:14 | 000,003,480 | ---- | M] () -- C:\{B4458F2B-8661-4BFD-8D9E-09F24DDB47C7}
[2014/01/18 13:46:12 | 000,001,604 | ---- | M] () -- C:\Users\Bubba7420\Desktop\14_Proposals 2014 - Shortcut.lnk
[2014/01/18 13:42:31 | 000,000,623 | ---- | M] () -- C:\Users\Bubba7420\Desktop\Studio West - Shared (STUDIO-PC3) (Z) - Shortcut.lnk
[2014/01/18 12:31:27 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/18 12:31:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/16 13:12:16 | 000,003,320 | ---- | M] () -- C:\{A50509ED-94DE-4D55-9D7F-0EA1D543562A}
[2014/01/16 13:07:06 | 000,002,608 | ---- | M] () -- C:\{D7C65911-26F4-4CFC-BFF4-5DA73279CE43}
[2014/01/16 13:05:44 | 000,002,624 | ---- | M] () -- C:\{AB88A8E9-5C18-4151-9EA8-AD33888E8A42}
[2014/01/16 11:01:35 | 000,001,059 | ---- | M] () -- C:\Users\Bubba7420\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/16 11:01:23 | 000,001,035 | ---- | M] () -- C:\Users\Bubba7420\Desktop\Dropbox.lnk
[2014/01/15 13:05:33 | 000,002,480 | ---- | M] () -- C:\{1508A766-26F5-4B22-85B3-009F6F51E586}
[2014/01/15 12:48:07 | 000,002,408 | ---- | M] () -- C:\{3265B546-96E0-4F93-A92A-FA51070A02F6}
[2014/01/15 12:45:16 | 000,002,392 | ---- | M] () -- C:\{CF97602C-74C3-493A-88F7-00746708A103}
[2014/01/15 12:40:24 | 000,002,672 | ---- | M] () -- C:\{2C519CE4-3E34-4064-932B-2D61D4583C45}
[2014/01/15 12:38:53 | 000,002,656 | ---- | M] () -- C:\{0DE4EA98-277F-4F1A-8308-1206C53B1E22}
[2014/01/15 12:37:18 | 000,002,560 | ---- | M] () -- C:\{B7EEA11B-E66C-484D-89AC-FB4D7A65B85B}
[2014/01/15 12:33:14 | 000,002,904 | ---- | M] () -- C:\{6BC7CCCF-A342-40F5-84BF-6AFA8049F69D}
[2014/01/14 16:22:40 | 000,000,356 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz
[2014/01/14 16:22:40 | 000,000,016 | -H-- | M] () -- C:\Windows\SysWow64\servdat.slm
[2014/01/14 16:19:53 | 000,001,335 | ---- | M] () -- C:\Users\Public\Desktop\20-20 Design.lnk
[2014/01/14 15:28:05 | 000,003,280 | ---- | M] () -- C:\{56C362AF-8574-40F8-81C3-B32370BD9EBD}
[2014/01/14 15:17:26 | 000,002,976 | ---- | M] () -- C:\{57DC2D31-DC5C-48E2-9943-5ADE4B198E6A}
[2014/01/14 11:46:52 | 000,121,164 | ---- | M] () -- C:\Users\Bubba7420\Desktop\SR_WR BASECAB_Page_2.tiff
[2014/01/14 11:46:52 | 000,089,684 | ---- | M] () -- C:\Users\Bubba7420\Desktop\SR_WR BASECAB_Page_1.tiff
[2014/01/13 16:29:03 | 000,043,784 | ---- | M] () -- C:\Users\Bubba7420\Desktop\NKBA SAMPLE CONTRACT 2011.pdf
[2014/01/13 16:28:59 | 000,068,944 | ---- | M] () -- C:\Users\Bubba7420\Desktop\agreement.pdf
[2014/01/13 12:02:29 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Programs Manager.lnk
[2014/01/13 12:01:18 | 001,777,452 | ---- | M] () -- C:\Users\Bubba7420\Desktop\IMAG0814_BURST002.jpg
[2014/01/13 12:01:18 | 001,754,732 | ---- | M] () -- C:\Users\Bubba7420\Desktop\IMAG0813.jpg
[2014/01/13 12:01:18 | 001,720,480 | ---- | M] () -- C:\Users\Bubba7420\Desktop\IMAG0808.jpg
[2014/01/13 12:01:18 | 001,616,074 | ---- | M] () -- C:\Users\Bubba7420\Desktop\IMAG0810.jpg
[2014/01/13 12:01:18 | 001,527,243 | ---- | M] () -- C:\Users\Bubba7420\Desktop\IMAG0811.jpg
[2014/01/13 12:01:18 | 001,514,850 | ---- | M] () -- C:\Users\Bubba7420\Desktop\IMAG0812.jpg
[2014/01/13 12:01:18 | 001,431,230 | ---- | M] () -- C:\Users\Bubba7420\Desktop\IMAG0807.jpg
[2014/01/11 17:14:08 | 000,001,035 | ---- | M] () -- C:\Users\Bubba7420\Desktop\Bulk Rename Utility.lnk
[2014/01/11 17:12:02 | 000,715,759 | ---- | M] () -- C:\Users\Bubba7420\Desktop\BRU_Manual.pdf
[2014/01/11 16:40:23 | 003,583,571 | ---- | M] () -- C:\Users\Bubba7420\Desktop\KAZOR_2014_01_02_STUCCO.PDF
[2014/01/10 11:44:11 | 000,002,512 | ---- | M] () -- C:\{647FBB6B-A6C0-4AF7-91F6-43EB16BD8CCD}
[2014/01/09 15:05:29 | 000,164,021 | ---- | M] () -- C:\Users\Bubba7420\Desktop\SR_WR BASECAB.pdf
[2014/01/08 17:42:30 | 000,366,322 | ---- | M] () -- C:\Users\Bubba7420\Desktop\mdo_dow_TIP_24-n-24_frameless.pdf
[2014/01/08 16:32:07 | 000,403,971 | ---- | M] () -- C:\Users\Bubba7420\Desktop\ZV800SJSS_DC.skp
[2014/01/08 13:17:52 | 000,003,608 | ---- | M] () -- C:\bootsqm.dat
[2014/01/08 10:50:54 | 000,068,924 | ---- | M] () -- C:\test.xml
[2014/01/07 18:38:39 | 000,001,558 | ---- | M] () -- C:\Users\Public\Desktop\Harmony.lnk
[2014/01/07 14:41:55 | 000,001,644 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2014/01/07 14:41:55 | 000,000,288 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/01/07 14:41:36 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2014/01/07 14:41:29 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2014/01/06 20:04:01 | 001,204,237 | ---- | M] () -- C:\Users\Bubba7420\Desktop\Poblocki master closet Rev 1_6_14 ve tecnik.kit
[2014/01/06 18:31:16 | 001,204,237 | ---- | M] () -- C:\Users\Bubba7420\Desktop\Poblocki master closet Rev 1_6_14 ve tecnik.bak
[2014/01/06 14:56:49 | 000,000,000 | -H-- | M] () -- C:\fileimage.dat
[2014/01/03 16:03:18 | 000,517,783 | ---- | M] () -- C:\Users\Bubba7420\Desktop\A3-First Floor Plan 12-20-13.pdf
[2014/01/03 16:03:09 | 000,307,738 | ---- | M] () -- C:\Users\Bubba7420\Desktop\A5-Second Floor Note Plan 12-20-13.pdf
[2014/01/03 09:27:39 | 000,001,532 | ---- | M] () -- C:\Users\Bubba7420\Desktop\Crystal Product Catalog.lnk
[2013/12/31 15:06:23 | 000,001,173 | ---- | M] () -- C:\Users\Bubba7420\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2013/12/31 15:06:23 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/12/30 13:36:12 | 000,002,520 | ---- | M] () -- C:\{76A42B58-DFDC-4ABB-B2CA-7BDF72E66CFC}
[4 C:\Users\Bubba7420\Desktop\*.tmp files -> C:\Users\Bubba7420\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/27 08:59:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2014/01/24 16:50:06 | 016,377,839 | ---- | C] () -- C:\Users\Bubba7420\Desktop\ENC2014.ZIP
[2014/01/24 16:43:56 | 000,043,567 | ---- | C] () -- C:\Users\Bubba7420\Desktop\t2.jpg
[2014/01/24 16:43:23 | 000,048,659 | ---- | C] () -- C:\Users\Bubba7420\Desktop\tank1.jpg
[2014/01/24 10:46:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/24 10:46:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/24 10:46:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/24 10:46:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/24 10:46:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/23 17:11:29 | 000,100,944 | ---- | C] () -- C:\Users\Bubba7420\Desktop\SketchUcationTools.rbz
[2014/01/23 15:43:20 | 000,088,370 | ---- | C] () -- C:\Users\Bubba7420\Desktop\REV #1_ 14-002 Bogel Residence kitchen 1_16^1.pdf
[2014/01/23 13:40:37 | 001,341,769 | ---- | C] () -- C:\Users\Bubba7420\Desktop\Tile Stone and Countertops 01232014.zip
[2014/01/23 13:40:32 | 001,278,556 | ---- | C] () -- C:\Users\Bubba7420\Desktop\Cabinetry 01232014.zip
[2014/01/23 11:02:37 | 000,009,897 | ---- | C] () -- C:\Users\Bubba7420\Desktop\taylor invoice.pdf
[2014/01/22 17:28:17 | 000,002,243 | ---- | C] () -- C:\Users\Bubba7420\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/22 17:28:17 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/22 17:27:47 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/22 17:27:47 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/22 16:11:13 | 000,067,800 | ---- | C] () -- C:\Users\Bubba7420\Desktop\cc_20140122_161109.reg
[2014/01/22 14:07:15 | 000,076,649 | ---- | C] () -- C:\Users\Bubba7420\Desktop\screenshot.png
[2014/01/22 13:34:11 | 000,000,065 | -H-- | C] () -- C:\Users\Bubba7420\Desktop\POBLOCKI UPSTAIRS WETBAR1023.dwl
[2014/01/22 12:39:23 | 000,000,166 | ---- | C] () -- C:\Users\Bubba7420\Desktop\backup.reg
[2014/01/21 20:38:40 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/01/21 17:00:19 | 000,001,867 | ---- | C] () -- C:\Users\Bubba7420\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
[2014/01/21 17:00:19 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\P-touch Address Book 1.1.lnk
[2014/01/21 16:57:09 | 000,001,862 | ---- | C] () -- C:\Users\Bubba7420\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2014/01/21 16:57:05 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\P-touch Update Software.lnk
[2014/01/21 16:15:19 | 000,030,560 | ---- | C] () -- C:\acadminidump.dmp
[2014/01/21 13:25:50 | 000,076,288 | ---- | C] () -- C:\Users\Bubba7420\Desktop\unnamed.jpg
[2014/01/20 16:07:46 | 000,002,440 | ---- | C] () -- C:\{A6449AB7-3583-4476-82DD-7F17A83562EA}
[2014/01/20 15:56:43 | 000,002,888 | ---- | C] () -- C:\{32C6B3AB-B8C3-456C-81E7-F9E521999661}
[2014/01/20 15:52:14 | 000,003,192 | ---- | C] () -- C:\{72CF18F5-F36A-42BD-9831-683418BDA427}
[2014/01/20 15:10:56 | 000,003,464 | ---- | C] () -- C:\{8D45DD25-AFF5-4182-BABE-24DA327E4FAC}
[2014/01/20 13:38:54 | 000,003,480 | ---- | C] () -- C:\{B4458F2B-8661-4BFD-8D9E-09F24DDB47C7}
[2014/01/18 13:43:11 | 000,001,604 | ---- | C] () -- C:\Users\Bubba7420\Desktop\14_Proposals 2014 - Shortcut.lnk
[2014/01/18 13:42:31 | 000,000,623 | ---- | C] () -- C:\Users\Bubba7420\Desktop\Studio West - Shared (STUDIO-PC3) (Z) - Shortcut.lnk
[2014/01/16 13:12:14 | 000,003,320 | ---- | C] () -- C:\{A50509ED-94DE-4D55-9D7F-0EA1D543562A}
[2014/01/16 13:07:04 | 000,002,608 | ---- | C] () -- C:\{D7C65911-26F4-4CFC-BFF4-5DA73279CE43}
[2014/01/16 13:05:43 | 000,002,624 | ---- | C] () -- C:\{AB88A8E9-5C18-4151-9EA8-AD33888E8A42}
[2014/01/15 13:05:29 | 000,002,480 | ---- | C] () -- C:\{1508A766-26F5-4B22-85B3-009F6F51E586}
[2014/01/15 12:48:05 | 000,002,408 | ---- | C] () -- C:\{3265B546-96E0-4F93-A92A-FA51070A02F6}
[2014/01/15 12:45:13 | 000,002,392 | ---- | C] () -- C:\{CF97602C-74C3-493A-88F7-00746708A103}
[2014/01/15 12:40:22 | 000,002,672 | ---- | C] () -- C:\{2C519CE4-3E34-4064-932B-2D61D4583C45}
[2014/01/15 12:38:51 | 000,002,656 | ---- | C] () -- C:\{0DE4EA98-277F-4F1A-8308-1206C53B1E22}
[2014/01/15 12:37:15 | 000,002,560 | ---- | C] () -- C:\{B7EEA11B-E66C-484D-89AC-FB4D7A65B85B}
[2014/01/15 12:33:11 | 000,002,904 | ---- | C] () -- C:\{6BC7CCCF-A342-40F5-84BF-6AFA8049F69D}
[2014/01/15 10:12:10 | 000,120,054 | ---- | C] () -- C:\Users\Bubba7420\Desktop\SWlogo.jpg
[2014/01/14 16:19:53 | 000,001,335 | ---- | C] () -- C:\Users\Public\Desktop\20-20 Design.lnk
[2014/01/14 15:27:51 | 000,003,280 | ---- | C] () -- C:\{56C362AF-8574-40F8-81C3-B32370BD9EBD}
[2014/01/14 15:17:07 | 000,002,976 | ---- | C] () -- C:\{57DC2D31-DC5C-48E2-9943-5ADE4B198E6A}
[2014/01/14 11:46:52 | 000,121,164 | ---- | C] () -- C:\Users\Bubba7420\Desktop\SR_WR BASECAB_Page_2.tiff
[2014/01/14 11:46:52 | 000,089,684 | ---- | C] () -- C:\Users\Bubba7420\Desktop\SR_WR BASECAB_Page_1.tiff
[2014/01/13 16:29:03 | 000,043,784 | ---- | C] () -- C:\Users\Bubba7420\Desktop\NKBA SAMPLE CONTRACT 2011.pdf
[2014/01/13 16:28:59 | 000,068,944 | ---- | C] () -- C:\Users\Bubba7420\Desktop\agreement.pdf
[2014/01/13 12:02:07 | 001,777,452 | ---- | C] () -- C:\Users\Bubba7420\Desktop\IMAG0814_BURST002.jpg
[2014/01/13 12:02:07 | 001,754,732 | ---- | C] () -- C:\Users\Bubba7420\Desktop\IMAG0813.jpg
[2014/01/13 12:02:07 | 001,720,480 | ---- | C] () -- C:\Users\Bubba7420\Desktop\IMAG0808.jpg
[2014/01/13 12:02:07 | 001,616,074 | ---- | C] () -- C:\Users\Bubba7420\Desktop\IMAG0810.jpg
[2014/01/13 12:02:07 | 001,527,243 | ---- | C] () -- C:\Users\Bubba7420\Desktop\IMAG0811.jpg
[2014/01/13 12:02:07 | 001,514,850 | ---- | C] () -- C:\Users\Bubba7420\Desktop\IMAG0812.jpg
[2014/01/13 12:02:07 | 001,431,230 | ---- | C] () -- C:\Users\Bubba7420\Desktop\IMAG0807.jpg
[2014/01/11 17:14:08 | 000,001,035 | ---- | C] () -- C:\Users\Bubba7420\Desktop\Bulk Rename Utility.lnk
[2014/01/11 17:12:02 | 000,715,759 | ---- | C] () -- C:\Users\Bubba7420\Desktop\BRU_Manual.pdf
[2014/01/11 16:28:14 | 003,583,571 | ---- | C] () -- C:\Users\Bubba7420\Desktop\KAZOR_2014_01_02_STUCCO.PDF
[2014/01/10 11:44:07 | 000,002,512 | ---- | C] () -- C:\{647FBB6B-A6C0-4AF7-91F6-43EB16BD8CCD}
[2014/01/09 15:01:05 | 000,164,021 | ---- | C] () -- C:\Users\Bubba7420\Desktop\SR_WR BASECAB.pdf
[2014/01/08 17:42:27 | 000,366,322 | ---- | C] () -- C:\Users\Bubba7420\Desktop\mdo_dow_TIP_24-n-24_frameless.pdf
[2014/01/08 13:17:52 | 000,003,608 | ---- | C] () -- C:\bootsqm.dat
[2014/01/07 18:38:39 | 000,001,530 | ---- | C] () -- C:\Users\Public\Desktop\Harmony Quotes.lnk
[2014/01/06 21:38:59 | 000,050,488 | ---- | C] () -- C:\Windows\CUAppUsage.Dat
[2014/01/06 17:16:26 | 001,204,237 | ---- | C] () -- C:\Users\Bubba7420\Desktop\Poblocki master closet Rev 1_6_14 ve tecnik.kit
[2014/01/06 17:16:26 | 001,204,237 | ---- | C] () -- C:\Users\Bubba7420\Desktop\Poblocki master closet Rev 1_6_14 ve tecnik.bak
[2014/01/06 14:56:49 | 000,000,000 | -H-- | C] () -- C:\fileimage.dat
[2014/01/06 14:55:00 | 000,019,568 | ---- | C] () -- C:\Windows\SysNative\drivers\evdd.sys
[2014/01/06 14:41:18 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Programs Manager.lnk
[2014/01/03 16:03:17 | 000,517,783 | ---- | C] () -- C:\Users\Bubba7420\Desktop\A3-First Floor Plan 12-20-13.pdf
[2014/01/03 16:03:08 | 000,307,738 | ---- | C] () -- C:\Users\Bubba7420\Desktop\A5-Second Floor Note Plan 12-20-13.pdf
[2014/01/03 09:27:39 | 000,001,532 | ---- | C] () -- C:\Users\Bubba7420\Desktop\Crystal Product Catalog.lnk
[2013/12/31 15:06:23 | 000,001,173 | ---- | C] () -- C:\Users\Bubba7420\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2013/12/31 15:06:22 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/12/30 13:36:12 | 000,002,520 | ---- | C] () -- C:\{76A42B58-DFDC-4ABB-B2CA-7BDF72E66CFC}
[2013/11/12 17:22:45 | 000,001,081 | ---- | C] () -- C:\Windows\QuickOE.ini
[2013/11/12 17:22:40 | 000,011,264 | ---- | C] () -- C:\Windows\PBMidMan.dll
[2013/08/27 13:26:20 | 000,000,218 | ---- | C] () -- C:\Users\Bubba7420\AppData\Local\recently-used.xbel
[2013/08/14 11:15:42 | 000,000,000 | ---- | C] () -- C:\Windows\mtstack16.INI
[2013/07/31 19:07:48 | 000,627,202 | ---- | C] () -- C:\Users\Bubba7420\CCF07312013_0002 (1) 2.pdf
[2013/07/10 15:52:36 | 000,000,054 | ---- | C] () -- C:\ProgramData\.bf45c81f8dc8abfeecf09.dat
[2013/06/12 17:11:04 | 000,001,184 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2013/06/11 19:36:08 | 000,154,181 | ---- | C] () -- C:\Users\Bubba7420\128-2280114.WibuCmRaC
[2013/06/11 15:11:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2013/06/10 19:16:17 | 000,000,380 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2013/06/10 18:27:54 | 000,000,025 | ---- | C] () -- C:\Windows\emcore.INI
[2013/06/10 15:35:54 | 000,109,696 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2013/05/30 18:43:51 | 000,000,422 | ---- | C] () -- C:\Windows\SysWow64\MSST42.DLL
[2013/05/28 17:23:21 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/04/29 09:46:22 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/04/29 09:46:22 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/04/05 16:23:39 | 000,285,895 | ---- | C] () -- C:\Users\Bubba7420\Binder1 1.pdf
[2013/04/03 20:24:52 | 000,154,181 | ---- | C] () -- C:\Users\Bubba7420\128-2275001.WibuCmRaC
[2013/03/06 19:31:32 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/02/01 08:28:13 | 000,163,932 | ---- | C] () -- C:\Windows\_isusr32.dll
[2013/02/01 08:28:13 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2012/12/31 15:41:55 | 000,004,114 | ---- | C] () -- C:\Users\Bubba7420\AppData\Roaming\SAS7_000.DAT
[2012/12/28 13:43:25 | 000,037,851 | ---- | C] () -- C:\Users\Bubba7420\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/12/28 13:41:50 | 000,021,213 | ---- | C] () -- C:\Users\Bubba7420\AppData\Roaming\Comma Separated Values (DOS).EML
[2012/12/04 04:04:42 | 000,090,824 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2012/11/19 09:21:48 | 000,154,181 | ---- | C] () -- C:\Users\Bubba7420\128-2171550.WibuCmRaC
[2012/06/08 11:06:31 | 000,164,446 | ---- | C] () -- C:\Users\Bubba7420\AppData\Local\ars.cache
[2012/06/08 10:24:31 | 000,000,036 | ---- | C] () -- C:\Users\Bubba7420\AppData\Local\housecall.guid.cache
[2012/04/14 15:15:23 | 000,000,000 | ---- | C] () -- C:\Users\Bubba7420\AppData\Roaming\bibstats
[2012/04/09 21:32:56 | 000,000,131 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/03/26 11:35:48 | 000,000,745 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011/12/16 07:42:20 | 000,000,132 | ---- | C] () -- C:\Users\Bubba7420\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/16 05:27:45 | 000,000,132 | ---- | C] () -- C:\Users\Bubba7420\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/11/15 03:11:13 | 000,000,081 | ---- | C] () -- C:\Users\Bubba7420\CTX.DAT
[2011/02/21 15:12:34 | 000,007,607 | ---- | C] () -- C:\Users\Bubba7420\AppData\Local\Resmon.ResmonCfg
[2010/09/14 17:36:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/31 16:56:53 | 000,003,584 | ---- | C] () -- C:\Users\Bubba7420\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 18:54:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2013/03/24 17:10:32 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:91496422
@Alternate Data Stream - 160 bytes -> C:\Users\Bubba7420\Desktop\DSC_0009.JPG:com.dropbox.attributes
@Alternate Data Stream - 16 bytes -> C:\Users\Bubba7420\Downloads:Shareaza.GUID
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:FD9CE1F3
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:4C7FC755
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A1EDB939
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D287FACF
 
< End of report >




