
Chrome infected


  • This topic is locked
13 replies to this topic

#1 scubaman2009

scubaman2009

  • Members
  • 55 posts
  • OFFLINE
  • Gender:Male
  • Location:FLORIDA
  • Local time:11:32 PM

Posted 14 February 2015 - 11:29 PM

Chrome infected with something that causes, when you click on links on websites and in email (these links are for business purposes so they are safe), it redirects you to a different web page. Tends to be one saying your browser is infected and to call some number. Not quite sure how to fix this.




 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:32 PM

Posted 15 February 2015 - 01:03 PM

Hello scubaman2009,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 scubaman2009

scubaman2009
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Gender:Male
  • Location:FLORIDA
  • Local time:11:32 PM

Posted 15 February 2015 - 05:12 PM

# AdwCleaner v4.110 - Logfile created 15/02/2015 at 16:48:31
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : bubba7420 - SCUBAMAN2009
# Running from : C:\Users\bubba7420\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\dealbomb
Folder Deleted : C:\ProgramData\crazylowerprice
Folder Deleted : C:\ProgramData\b406fbac09bd95b0
Folder Deleted : C:\Program Files (x86)\dealbomb
Folder Deleted : C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\anttoolbar@ant.com
File Deleted : C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8348C1F2-1FE8-EADF-5C76-34B0728A3FBC}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v35.0 (x86 en-US)
 
[fuw03owc.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [3827 bytes] - [15/02/2015 16:46:28]
AdwCleaner[S0].txt - [3433 bytes] - [15/02/2015 16:48:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3492  bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by bubba7420 (administrator) on SCUBAMAN2009 on 15-02-2015 17:08:51
Running from C:\Users\bubba7420\Downloads
Loaded Profiles: bubba7420 (Available profiles: bubba7420)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\postgres\bin\pg_ctl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\postgres\bin\postgres.exe
(Apache Software Foundation) C:\apache-tomcat-6.0.18\bin\tomcat6.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(PostgreSQL Global Development Group) C:\postgres\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgres\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgres\bin\postgres.exe
(Sun Microsystems, Inc.) C:\csremote38\jdk1.6.0_10\bin\java.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Sun Microsystems, Inc.) C:\csremote38\jdk1.6.0_10\bin\java.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(PostgreSQL Global Development Group) C:\postgres\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgres\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgres\bin\postgres.exe
(Sun Microsystems, Inc.) C:\csremote38\jdk1.6.0_10\bin\java.exe
(PostgreSQL Global Development Group) C:\postgres\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgres\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgres\bin\postgres.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\FTPServer.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\Indexer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-06-04] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3993744 2014-05-22] (Stardock Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [SonyNBSetupAfterReboot] => C:\Users\BUBBA7~1\AppData\Local\Temp\GLF3ACF\SonyNBSetup.exe <===== ATTENTION
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\Run: [uTorrent] => C:\Users\bubba7420\AppData\Roaming\uTorrent\uTorrent.exe [1677904 2015-01-21] (BitTorrent Inc.)
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2587072 2015-02-10] (TunnelBear)
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\Policies\Explorer: [NofolderOptions] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} file:///C:/ProgramData/20-20%20Technologies/VSAT/Core/Player/2020PlayerAX_WEB_Win32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1122B8DA-A3F1-40B3-BBF7-BAA0F6566FB7}: [NameServer] 8.8.8.8,4.4.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: MinimizeToTray revived (MinTrayR) - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\mintrayr@tn123.ath.cx [2014-08-07]
FF Extension: TooManyTabs - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\TooManyTabs@visibotech.com [2014-08-04]
FF Extension: Flashblock - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-11-24]
FF Extension: DownloadHelper - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Flash and Video Download - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-01-28]
FF Extension: DownThemAll! AntiContainer - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\anticontainer@downthemall.net.xpi [2014-08-04]
FF Extension: Flash OnOff - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\jid0-XXocAsQYPfKHSY8ebTi0VcX8eNQ@jetpack.xpi [2014-08-04]
FF Extension: Load Control - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\loadcontrol@mcphate.org.xpi [2014-08-04]
FF Extension: New Tabs at the End - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\new-tabs-at-end@forerunnerdesigns.com.xpi [2014-08-04]
FF Extension: Open Link in New Tab - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\openlinkintab@piro.sakura.ne.jp.xpi [2014-08-04]
FF Extension: Tab Kit 2nd Edition - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\tabkit2@pikachuexe.amateur.hk.xpi [2014-08-04]
FF Extension: Tab Utilities - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\tabutils@ithinc.cn.xpi [2014-08-04]
FF Extension: FlashGot - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-08-04]
FF Extension: Tab Control - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\{39952c40-5197-11da-8cd6-0800200c9a66}.xpi [2014-08-04]
FF Extension: Flash Block - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2014-11-24]
FF Extension: Tab Mix Plus - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-08-04]
FF Extension: DownThemAll! - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-08-04]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-09-08]
FF HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.symbaloo.com/
CHR StartupUrls: Default -> "hxxp://www.symbaloo.com/", "hxxp://google.com/"
CHR Profile: C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-01-15]
CHR Extension: (Google Drive) - C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-04]
CHR Extension: (YouTube) - C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-04]
CHR Extension: (Google Search) - C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-04]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-08-04]
CHR Extension: (Planbox - Agile Project Management Tool) - C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\fapfbnhbikoppmmhgkocdolgomnodnna [2015-01-15]
CHR Extension: (Bookmark Manager) - C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-02-03]
CHR Extension: (PMRobot Project Management) - C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfgmbdjbioclglfplibgckdieigaakmh [2015-01-15]
CHR Extension: (Poppit!) - C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-01-15]
CHR Extension: (Google Wallet) - C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]
CHR Extension: (Gmail) - C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-16] (NVIDIA Corporation)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-03-28] (Stardock Software, Inc)
R2 Tomcat6; c:\apache-tomcat-6.0.18\bin\tomcat6.exe [57344 2008-07-22] (Apache Software Foundation) [File not signed]
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [34240 2015-02-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 CSEntService; "C:\csremote38\jdk1.6.0_10\bin\java.exe" "-classpath" "C:\csremote38\WEB-INF\classes\yajsw-stable-11.0\wrapper.jar" "-Xrs" "-Dwrapper.service=true" "-Dwrapper.working.dir=C:\csremote38\WEB-INF\classes" "-Dwrapper.config=C:\csremote38\WEB-INF\classes\yajsw-stable-11.0\conf\wrapper.conf" "-Dwrapper.additional.1x=-Xrs" "org.rzo.yajsw.boot.WrapperServiceBooter" 
R2 pgsql-8.2; c:/postgres/bin/pg_ctl.exe runservice -N "pgsql-8.2" -D "c:/postgres/data" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150213.001\IDSvia64.sys [669400 2015-02-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150215.001\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150215.001\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
R3 SNTUSB64; C:\Windows\System32\drivers\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2014-10-14] (The OpenVPN Project)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295216 2013-06-18] (Marvell)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 MFE_RR; \??\C:\Users\BUBBA7~1\AppData\Local\Temp\mfe_rr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 17:08 - 2015-02-15 17:09 - 00028850 _____ () C:\Users\bubba7420\Downloads\FRST.txt
2015-02-15 17:08 - 2015-02-15 17:08 - 00000000 ____D () C:\FRST
2015-02-15 17:07 - 2015-02-15 17:07 - 02085888 _____ (Farbar) C:\Users\bubba7420\Downloads\frst64.exe
2015-02-15 16:55 - 2015-02-15 17:00 - 601947938 _____ () C:\Users\bubba7420\Downloads\bwb_britney_amber_tt011915_480p_2000.mp4
2015-02-15 16:51 - 2015-02-15 16:51 - 00003580 _____ () C:\Users\bubba7420\Desktop\AdwCleaner[S0].txt
2015-02-15 16:50 - 2015-02-15 16:50 - 00000000 ____H () C:\ProgramData\cm-lock
2015-02-15 16:46 - 2015-02-15 16:48 - 00000000 ____D () C:\AdwCleaner
2015-02-15 16:45 - 2015-02-15 16:45 - 02112512 _____ () C:\Users\bubba7420\Downloads\AdwCleaner.exe
2015-02-14 15:10 - 2015-02-14 15:10 - 01346977 _____ () C:\Users\bubba7420\Downloads\BA46 (1).dwg
2015-02-14 13:30 - 2015-02-14 13:39 - 1584518377 _____ () C:\Users\bubba7420\Downloads\lifelong-bleep.mp4
2015-02-14 13:30 - 2015-02-14 13:39 - 1489937283 _____ () C:\Users\bubba7420\Downloads\big-energy-cock.mp4
2015-02-14 13:30 - 2015-02-14 13:39 - 1058585977 _____ () C:\Users\bubba7420\Downloads\home-improvement.mp4
2015-02-14 13:28 - 2015-02-14 13:40 - 758900959 _____ () C:\Users\bubba7420\Downloads\dl.php-{4e6a9e1c-ef14-47f9-b58e-0e52dbb138ee}.dtapart
2015-02-14 13:27 - 2015-02-14 13:29 - 1136065932 _____ () C:\Users\bubba7420\Downloads\Entry_In_The_Rear_Scene_1.mp4-{dcee5f73-356b-4248-9454-1efcd29e03ab}.dtapart
2015-02-14 13:27 - 2015-02-14 13:29 - 1099535579 _____ () C:\Users\bubba7420\Downloads\Cum_Crossfire_2_Scene_5.mp4-{181edf18-d0b7-4448-9867-6e5a39c6d3dd}.dtapart
2015-02-14 13:27 - 2015-02-14 13:28 - 1124399079 _____ () C:\Users\bubba7420\Downloads\Eye_bleeped_Them_All_1_Scene_1.mp4-{e05ec5cc-987b-4ee5-92d3-216fa44aaf00}.dtapart
2015-02-14 13:22 - 2015-02-14 13:29 - 915731445 _____ () C:\Users\bubba7420\Downloads\the-first-one-in-the-van.wmv
2015-02-14 13:22 - 2015-02-14 13:29 - 1273006081 _____ () C:\Users\bubba7420\Downloads\brenda-boopov.mp4
2015-02-14 13:19 - 2015-02-14 13:22 - 857186713 _____ () C:\Users\bubba7420\Downloads\lcp1171_taking_our_time_sd.wmv
2015-02-14 13:10 - 2015-02-14 13:17 - 1656459375 _____ () C:\Users\bubba7420\Downloads\petite-czech-slut.mp4
2015-02-14 13:10 - 2015-02-14 13:15 - 1360753236 _____ () C:\Users\bubba7420\Downloads\pleasing-the-eye.mp4
2015-02-14 09:56 - 2015-02-14 10:00 - 640307323 _____ () C:\Users\bubba7420\Downloads\toogoodtobetrue_clip5_3000.mp4
2015-02-14 09:56 - 2015-02-14 09:59 - 610535303 _____ () C:\Users\bubba7420\Downloads\toogoodtobetrue_clip4_3000.mp4
2015-02-14 09:45 - 2015-02-14 09:45 - 124445353 _____ () C:\Users\bubba7420\Downloads\785_part1.mp4
2015-02-14 09:44 - 2015-02-14 09:46 - 408524651 _____ () C:\Users\bubba7420\Downloads\319_part1.mp4
2015-02-14 09:43 - 2015-02-14 09:46 - 528601804 _____ () C:\Users\bubba7420\Downloads\921_part1.mp4
2015-02-14 09:35 - 2015-02-14 09:37 - 00000000 ____D () C:\Users\bubba7420\Downloads\Cage the Elephant - Melophobia [2013] [Mp3-320]-V3nom [GLT]
2015-02-14 09:35 - 2015-02-14 09:35 - 00000000 ____D () C:\Users\bubba7420\Downloads\MY DARKEST DAYS - DISCOGRAPHY [CHANNEL NEO]
2015-02-14 09:35 - 2015-02-14 09:35 - 00000000 ____D () C:\Users\bubba7420\Downloads\Cage The Elephant
2015-02-13 22:26 - 2015-02-13 22:26 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-13 22:26 - 2015-02-13 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-13 22:25 - 2015-02-13 22:26 - 00000000 ____D () C:\Program Files\iTunes
2015-02-13 19:03 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 19:03 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 21:50 - 2015-02-12 21:52 - 502126104 _____ () C:\Users\bubba7420\Downloads\good_banging_big.mp4.part
2015-02-12 21:50 - 2015-02-12 21:52 - 325230677 _____ () C:\Users\bubba7420\Downloads\in_them_jeans_big.mp4.part
2015-02-12 15:07 - 2015-02-12 15:07 - 00000000 ____D () C:\Users\bubba7420\Downloads\attachments
2015-02-12 04:29 - 2015-02-12 04:29 - 01017800 _____ () C:\Users\bubba7420\Downloads\attachments.zip
2015-02-11 03:38 - 2015-02-11 03:38 - 00000000 ____D () C:\Users\bubba7420\AppData\Local\IsolatedStorage
2015-02-11 03:37 - 2015-02-15 16:47 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
2015-02-11 03:37 - 2015-02-11 03:40 - 00000000 ____D () C:\Users\bubba7420\AppData\Roaming\TunnelBear
2015-02-11 03:37 - 2015-02-11 03:37 - 00001889 _____ () C:\Users\Public\Desktop\TunnelBear.lnk
2015-02-11 03:37 - 2015-02-11 03:37 - 00000000 ____D () C:\Users\bubba7420\AppData\Local\HockeyApp
2015-02-11 03:37 - 2015-02-11 03:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2015-02-11 03:35 - 2015-02-11 03:35 - 11803192 _____ (TunnelBear) C:\Users\bubba7420\Downloads\TunnelBear-Install.exe
2015-02-10 18:55 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 18:55 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 18:55 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-10 18:55 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-10 18:55 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 18:55 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 18:55 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 18:55 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 18:55 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-10 18:55 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 18:55 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 18:55 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 18:55 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 18:55 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 18:55 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 18:55 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 18:55 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 18:55 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-10 18:55 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-10 18:55 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-10 18:55 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 18:55 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-10 18:55 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-10 18:55 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-10 18:55 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-10 18:55 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-10 18:54 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 18:54 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 18:54 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 18:54 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 18:54 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 18:54 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 18:54 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 18:54 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 18:54 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 18:54 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 18:54 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 18:54 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 18:54 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-10 18:54 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 18:54 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 18:54 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 18:54 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 18:54 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 18:54 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 18:54 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 18:54 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-10 18:54 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-10 18:54 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-10 18:54 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 18:54 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-10 18:54 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 18:54 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 18:54 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 18:54 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 18:54 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 18:54 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 18:54 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 18:54 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 18:54 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 18:54 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 18:54 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 18:54 - 2014-12-08 18:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 18:53 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 18:53 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 18:53 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 18:53 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 18:53 - 2015-02-02 18:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 18:53 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 18:53 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 18:53 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-09 22:18 - 2015-02-09 22:19 - 12859696 _____ () C:\Users\bubba7420\Downloads\install sensio catalog-english.exe
2015-02-09 22:18 - 2015-02-09 22:18 - 08781974 _____ () C:\Users\bubba7420\Downloads\legrand_design catalog.zip
2015-02-09 22:17 - 2015-02-09 22:21 - 135382936 _____ () C:\Users\bubba7420\Downloads\afe_14a.zip
2015-02-09 22:17 - 2015-02-09 22:17 - 07972943 _____ () C:\Users\bubba7420\Downloads\hrdre_13.zip
2015-02-09 22:15 - 2015-02-09 22:16 - 48462645 _____ () C:\Users\bubba7420\Downloads\envoy_14_10172014_v9.zip
2015-02-09 22:15 - 2015-02-09 22:16 - 48307232 _____ () C:\Users\bubba7420\Downloads\usmarble_v81_2014-11-18.zip
2015-02-09 20:38 - 2015-02-09 20:40 - 85662243 _____ () C:\Users\bubba7420\Downloads\sbzwolf5_v9.zip
2015-02-09 20:38 - 2015-02-09 20:38 - 23092162 _____ () C:\Users\bubba7420\Downloads\lieb_14.zip
2015-02-09 20:21 - 2015-02-09 20:25 - 117677129 _____ () C:\Users\bubba7420\Downloads\gemon_4q.zip
2015-02-09 20:19 - 2015-02-09 20:24 - 145137498 _____ () C:\Users\bubba7420\Downloads\gedua_4q.zip
2015-02-09 14:42 - 2015-02-05 17:53 - 00005047 _____ () C:\Users\bubba7420\Downloads\c1393_ezmi_720.mov.html
2015-02-08 17:10 - 2015-02-08 17:10 - 00004572 _____ () C:\Windows\SysWOW64\hs_err_pid2268.log
2015-02-08 03:02 - 2015-02-08 03:04 - 789609472 _____ () C:\Users\bubba7420\Downloads\bffs_bachelorette_party_full_hi.mp4.part
2015-02-08 02:52 - 2015-02-08 03:04 - 1384470356 _____ () C:\Users\bubba7420\Downloads\bffs_girls_night_out_full_hi.mp4.part
2015-02-07 00:37 - 2015-02-07 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-02-07 00:37 - 2015-02-07 00:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-02-06 22:28 - 2015-02-15 00:13 - 01077287 _____ () C:\Users\bubba7420\Desktop\725 laundry.dwg
2015-02-06 22:28 - 2015-02-14 19:51 - 01075770 _____ () C:\Users\bubba7420\Desktop\725 laundry.bak
2015-02-06 19:18 - 2015-02-05 17:35 - 00005130 _____ () C:\Users\bubba7420\Downloads\p1124_melanie_720.mov.html
2015-02-06 12:44 - 2015-02-06 12:44 - 243421586 _____ ( ) C:\Users\bubba7420\Downloads\harmony1865jre1831 (1).exe
2015-02-06 01:20 - 2015-02-05 17:35 - 00002346 _____ () C:\Users\bubba7420\Downloads\prx403.php.html
2015-02-05 01:05 - 2015-02-05 01:13 - 1572413565 _____ () C:\Users\bubba7420\Downloads\bwb_aleksa_nicole_tt11015_720p_8000.mp4.part
2015-02-05 00:37 - 2015-02-07 00:37 - 00001947 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-02-05 00:37 - 2015-02-07 00:37 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-02 21:54 - 2015-02-05 21:32 - 00000000 ____D () C:\Users\bubba7420\Downloads\Ouija.2014.HC.HDRip.XViD.AC3-juggs[ETRG]
2015-02-02 21:51 - 2015-02-04 19:35 - 00000000 ____D () C:\Users\bubba7420\Downloads\Frozen (2013) [1080p]
2015-02-02 21:48 - 2015-02-04 19:31 - 00000000 ____D () C:\Users\bubba7420\Downloads\Big.Hero.6.2014.DVDSCR.x264-GoPanda
2015-02-02 20:54 - 2015-02-02 20:54 - 00000000 _____ () C:\Windows\mtstack16.INI
2015-02-02 19:15 - 2015-02-02 19:17 - 446823804 _____ () C:\Users\bubba7420\Downloads\dc_czh2-02.mp4.part
2015-02-02 19:15 - 2015-02-02 19:17 - 369818536 _____ () C:\Users\bubba7420\Downloads\dc_czh2-06.mp4.part
2015-02-01 17:43 - 2015-01-28 22:38 - 00000028 _____ () C:\Users\bubba7420\Downloads\wild-party-at-the-garage-workshop.wmv.html
2015-02-01 01:11 - 2015-02-05 21:27 - 00005166 _____ () C:\Users\bubba7420\Desktop\acltstk.dmp
2015-01-31 15:46 - 2015-01-31 16:08 - 1099001404 _____ () C:\Users\bubba7420\Downloads\020185-full.mov.part
2015-01-30 16:07 - 2015-01-30 16:08 - 135815957 _____ () C:\Users\bubba7420\Downloads\V67356_full_h264_1500.mp4.part
2015-01-29 05:14 - 2015-01-29 05:14 - 00000000 ____D () C:\Users\bubba7420\AppData\Roaming\20-20 Technologies
2015-01-29 05:12 - 2015-01-29 05:12 - 02802587 _____ (20-20 Technologies) C:\Users\bubba7420\Downloads\CrystalCabinetWorks.exe
2015-01-28 18:32 - 2015-01-28 18:33 - 00000000 ____D () C:\postgres
2015-01-28 18:32 - 2015-01-28 18:33 - 00000000 ____D () C:\apache-tomcat-6.0.18
2015-01-28 18:30 - 2015-01-28 18:32 - 00000000 ____D () C:\csremote38
2015-01-28 18:28 - 2015-01-28 18:28 - 00000000 ____D () C:\harmony1865jre1831
2015-01-28 18:27 - 2015-01-28 18:27 - 243421586 _____ ( ) C:\Users\bubba7420\Downloads\harmony1865jre1831.exe
2015-01-28 17:18 - 2015-01-28 17:18 - 00001990 _____ () C:\Users\bubba7420\Downloads\play.php3
2015-01-27 21:28 - 2014-05-15 07:51 - 593156062 _____ () C:\Users\bubba7420\Downloads\540p_fullcomplete.mp4893001
2015-01-26 16:38 - 2015-01-26 23:47 - 00008369 _____ () C:\Users\bubba7420\Desktop\725 appliance wishlist.xlsx
2015-01-26 14:55 - 2015-01-26 14:55 - 02584118 _____ () C:\Users\bubba7420\Downloads\Cluny1800Classique.dwg
2015-01-26 14:55 - 2015-01-26 14:55 - 02461937 _____ () C:\Users\bubba7420\Downloads\Cluny1400ClassiqueLeft.dwg
2015-01-26 14:55 - 2015-01-26 14:55 - 01347109 _____ () C:\Users\bubba7420\Downloads\ClunyClassique (1).dxf
2015-01-26 14:55 - 2015-01-26 14:55 - 01328071 _____ () C:\Users\bubba7420\Downloads\Sully2200Classique.dxf
2015-01-26 14:55 - 2015-01-26 14:55 - 00937273 _____ () C:\Users\bubba7420\Downloads\ClunyTraditional (2).dxf
2015-01-23 18:16 - 2015-01-26 05:00 - 00000000 ____D () C:\Users\bubba7420\Downloads\DISTURBED - DISCOGRAPHY 320Kbps CbR Mp3 [TuGAZx]
2015-01-22 23:50 - 2015-01-22 23:50 - 00000000 ____D () C:\ProgramData\Reprise
2015-01-22 23:46 - 2015-01-22 23:46 - 00002178 _____ () C:\Users\Public\Desktop\Style Builder 2015.lnk
2015-01-22 23:46 - 2015-01-22 23:46 - 00002092 _____ () C:\Users\Public\Desktop\LayOut 2015.lnk
2015-01-22 23:46 - 2015-01-22 23:46 - 00002003 _____ () C:\Users\Public\Desktop\SketchUp 2015.lnk
2015-01-22 23:46 - 2015-01-22 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015
2015-01-22 23:45 - 2015-01-22 23:45 - 00000000 ____D () C:\Program Files\SketchUp
2015-01-22 20:26 - 2015-01-22 20:26 - 08050338 _____ () C:\Users\bubba7420\Downloads\SalvamentoAutomático_Sem-nome (1).skp
2015-01-22 17:44 - 2015-01-22 17:44 - 00262232 _____ () C:\Users\bubba7420\Downloads\GoogleUpdate (1).adm
2015-01-22 17:37 - 2015-01-22 17:37 - 00262232 _____ () C:\Users\bubba7420\Downloads\GoogleUpdate.adm
2015-01-22 17:28 - 2015-01-22 20:51 - 00001636 _____ () C:\Users\bubba7420\Downloads\drfone-for-ios_full1283 - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 20:51 - 00001627 _____ () C:\Users\bubba7420\Downloads\Harmony1864jre1825 (1) - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 20:51 - 00001627 _____ () C:\Users\bubba7420\Downloads\Harmony1863jre1825 (1) - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 20:51 - 00001591 _____ () C:\Users\bubba7420\Downloads\Harmony1864jre1825 - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 20:51 - 00001591 _____ () C:\Users\bubba7420\Downloads\Harmony1863jre1825 - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 20:51 - 00001591 _____ () C:\Users\bubba7420\Downloads\Firefox Setup 35.0 - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 20:51 - 00001528 _____ () C:\Users\bubba7420\Downloads\ChromeSetup - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 20:51 - 00001121 _____ () C:\Users\bubba7420\Downloads\CrucialScan (4) - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 20:51 - 00001121 _____ () C:\Users\bubba7420\Downloads\CrucialScan (3) - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 20:51 - 00001121 _____ () C:\Users\bubba7420\Downloads\CrucialScan (2) - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 20:51 - 00001121 _____ () C:\Users\bubba7420\Downloads\CrucialScan (1) - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 20:51 - 00001101 _____ () C:\Users\bubba7420\Downloads\CrucialScan - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 17:28 - 00001825 _____ () C:\Users\bubba7420\Downloads\Win_eight64_NVIDIA Forceware 310.90 notebook - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 17:28 - 00001771 _____ () C:\Users\bubba7420\Downloads\LeagueofLegends_NA_Installer_9_15_2014 - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 17:28 - 00001681 _____ () C:\Users\bubba7420\Downloads\Popcorn-Time-0.3.6-Setup (1) - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 17:28 - 00001681 _____ () C:\Users\bubba7420\Downloads\Hotfix for Design V10.5.0.27 - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 17:28 - 00001672 _____ () C:\Users\bubba7420\Downloads\Visualizer-for-SketchUp.1.1 - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 17:28 - 00001663 _____ () C:\Users\bubba7420\Downloads\TeamViewerQS_en-idcvn25786 - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 17:28 - 00001618 _____ () C:\Users\bubba7420\Downloads\mbam-setup-2.0.3.1025 - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 17:28 - 00001582 _____ () C:\Users\bubba7420\Downloads\iTunes64Setup (1) - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 17:28 - 00001573 _____ () C:\Users\bubba7420\Downloads\mbar-1.08.3.1004 - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 17:28 - 00001555 _____ () C:\Users\bubba7420\Downloads\rootkitremover - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 17:28 - 00001546 _____ () C:\Users\bubba7420\Downloads\iTunes64Setup - Shortcut.lnk
2015-01-22 17:28 - 2015-01-22 17:28 - 00001166 _____ () C:\Users\bubba7420\Downloads\Popcorn-Time-0.3.6-Setup - Shortcut.lnk
2015-01-22 17:02 - 2015-01-23 22:37 - 60998131 _____ () C:\Users\bubba7420\Desktop\FURNITURE IDEAS.kit
2015-01-22 17:02 - 2015-01-23 22:35 - 60998131 _____ () C:\Users\bubba7420\Desktop\FURNITURE IDEAS.bak
2015-01-22 13:32 - 2015-01-22 13:32 - 39914832 _____ () C:\Users\bubba7420\Downloads\Firefox Setup 35.0.exe
2015-01-21 16:52 - 2015-01-21 17:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-21 16:52 - 2015-01-21 16:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 16:50 - 2015-01-21 16:50 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 16:49 - 2015-01-21 16:49 - 00000296 _____ () C:\Users\bubba7420\Downloads\RootkitRemover_20150121_164909.log
2015-01-21 14:43 - 2015-01-21 14:43 - 00000416 _____ () C:\Users\bubba7420\Downloads\[kickass.so]shwayz.shwayze.summer.2013.256.torrent.torrent
2015-01-21 13:07 - 2015-01-21 13:07 - 00000885 _____ () C:\Users\bubba7420\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-21 09:36 - 2015-01-21 09:36 - 00880784 _____ (Google Inc.) C:\Users\bubba7420\Downloads\ChromeSetup.exe
2015-01-21 05:47 - 2015-01-21 05:47 - 01346977 _____ () C:\Users\bubba7420\Downloads\BA46.dwg
2015-01-20 22:37 - 2015-01-20 22:37 - 01431460 _____ () C:\Users\bubba7420\Downloads\CSO30TE-S-TH (2).DWG
2015-01-20 22:20 - 2015-01-21 02:54 - 00000063 ____H () C:\Users\bubba7420\Desktop\725 gulfshore blvd_kitchen_1_21.dwg.dwg
2015-01-17 02:19 - 2015-02-14 16:35 - 01999454 _____ () C:\Users\bubba7420\Desktop\725 gulfshore blvd_kitchen_1_15.dwg
2015-01-17 02:19 - 2015-02-14 01:36 - 01998952 _____ () C:\Users\bubba7420\Desktop\725 gulfshore blvd_kitchen_1_15.bak
2015-01-16 20:15 - 2015-01-16 20:46 - 00000000 ____D () C:\Users\bubba7420\Downloads\Teenage Mutant Ninja Turtles (2014) [1080p]
2015-01-16 14:31 - 2015-01-16 14:31 - 00000060 ____H () C:\Users\bubba7420\Downloads\MullionDoor_G.dwl
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 17:09 - 2014-08-04 13:16 - 00000000 ____D () C:\Users\bubba7420\AppData\Roaming\Skype
2015-02-15 17:05 - 2014-08-04 14:39 - 01373581 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 17:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-15 16:58 - 2014-08-04 20:46 - 00000000 ____D () C:\Users\bubba7420\AppData\Local\CrashDumps
2015-02-15 16:58 - 2014-08-04 12:31 - 00000000 ____D () C:\Temp
2015-02-15 16:55 - 2014-08-15 01:17 - 00005006 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SCUBAMAN2009-bubba7420 SCUBAMAN2009
2015-02-15 16:50 - 2014-09-19 21:00 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 16:50 - 2013-08-22 09:46 - 00024504 _____ () C:\Windows\setupact.log
2015-02-15 16:50 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 16:50 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-15 16:49 - 2014-08-04 11:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-15 16:49 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-15 16:41 - 2014-09-19 20:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 16:28 - 2014-09-19 21:00 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 16:17 - 2014-10-10 15:18 - 00000386 _____ () C:\Windows\Tasks\Indexing Task - bubba7420.job
2015-02-15 16:02 - 2014-08-06 12:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-15 15:51 - 2014-08-04 14:43 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EC6E30AF-41D7-461F-A0AA-2DE72C7924F9}
2015-02-15 15:48 - 2015-01-09 19:07 - 00595968 ___SH () C:\Users\bubba7420\Desktop\Thumbs.db
2015-02-15 15:48 - 2014-08-06 12:00 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-15 00:14 - 2014-08-22 19:25 - 00036888 _____ () C:\Users\bubba7420\Documents\acltstk.dmp
2015-02-14 18:48 - 2014-08-04 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-14 18:44 - 2014-10-18 13:03 - 37987328 ___SH () C:\Users\bubba7420\Downloads\Thumbs.db
2015-02-14 15:27 - 2014-12-18 02:23 - 00002210 _____ () C:\Users\bubba7420\Downloads\acltstk.dmp
2015-02-14 11:24 - 2014-08-04 11:44 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2035716259-1072719170-3345313272-1001
2015-02-14 10:14 - 2014-08-06 14:28 - 00000000 ____D () C:\Users\bubba7420\Downloads\v
2015-02-14 09:50 - 2014-08-04 13:14 - 00000000 ____D () C:\Users\bubba7420\AppData\Roaming\uTorrent
2015-02-14 08:27 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-13 22:26 - 2014-12-08 19:56 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-13 22:25 - 2014-12-08 19:56 - 00000000 ____D () C:\Program Files\iPod
2015-02-13 22:25 - 2014-12-08 19:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-13 22:25 - 2014-12-08 19:53 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-13 13:39 - 2013-08-22 09:44 - 00588104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 13:37 - 2014-08-04 14:28 - 00294534 _____ () C:\Windows\PFRO.log
2015-02-13 13:35 - 2014-12-12 17:11 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-13 13:35 - 2014-08-09 13:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 04:04 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-11 03:37 - 2014-08-05 09:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-09 16:03 - 2014-08-09 22:46 - 00054172 _____ () C:\datamanager.log
2015-02-07 02:53 - 2014-10-13 18:14 - 52337391 _____ () C:\Users\bubba7420\Desktop\725 Gulf Shore.dwfx
2015-02-06 18:56 - 2014-10-02 15:04 - 00000000 ____D () C:\Program Files (x86)\Bovada Casino
2015-02-06 02:29 - 2014-09-19 21:01 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 00:37 - 2014-08-04 21:39 - 00000000 ____D () C:\Users\bubba7420\AppData\Local\Adobe
2015-02-04 19:23 - 2014-09-19 21:00 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 19:23 - 2014-09-19 21:00 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 13:41 - 2014-09-19 20:27 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 14:31 - 2014-11-13 11:17 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2014-11-13 11:17 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 13:09 - 2014-08-04 19:22 - 00000000 ____D () C:\Program Files (x86)\AutoCAD LT 2004
2015-02-02 13:08 - 2014-08-04 19:22 - 00001970 _____ () C:\Users\Public\Desktop\AutoCAD LT 2004.lnk
2015-02-02 01:29 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-01 04:29 - 2014-08-04 14:39 - 00000000 ____D () C:\Users\bubba7420
2015-01-29 05:14 - 2014-08-04 13:36 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-01-28 18:33 - 2014-08-06 13:17 - 00001566 _____ () C:\Users\Public\Desktop\Harmony.lnk
2015-01-27 13:37 - 2014-08-23 23:24 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-27 13:35 - 2014-10-29 21:29 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-27 13:34 - 2014-10-29 21:30 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-27 13:34 - 2014-10-29 21:29 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-27 13:34 - 2014-10-29 21:29 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-27 13:34 - 2014-10-29 21:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 16:41 - 2014-08-04 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-23 00:42 - 2014-10-07 19:51 - 00000000 ____D () C:\Users\bubba7420\Desktop\images
2015-01-22 23:50 - 2014-08-04 13:26 - 00000000 ____D () C:\Users\bubba7420\AppData\Roaming\SketchUp
2015-01-22 23:45 - 2014-08-04 13:22 - 00000000 ____D () C:\ProgramData\SketchUp
2015-01-22 23:42 - 2014-11-14 23:58 - 00000000 ____D () C:\Users\bubba7420\Downloads\Google SketchUp Pro 2015 15.0.9351 (32-64 Bit) + Crack-[MUMBAI1@ThePirateBay]
2015-01-22 13:35 - 2014-08-04 12:47 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-22 13:35 - 2014-08-04 12:47 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-21 16:52 - 2014-11-29 14:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-21 13:07 - 2014-08-04 13:15 - 00000905 _____ () C:\Users\bubba7420\Desktop\µTorrent.lnk
2015-01-21 00:18 - 2014-12-08 20:00 - 00000000 ____D () C:\Users\bubba7420\AppData\Roaming\Apple Computer
2015-01-19 18:58 - 2014-08-04 14:42 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 05:18 - 2014-08-04 14:39 - 00000000 ____D () C:\Users\bubba7420\AppData\Local\Packages
2015-01-16 20:42 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
 
==================== Files in the root of some directories =======
 
2014-11-01 19:30 - 2014-11-13 11:27 - 0000004 _____ () C:\Users\bubba7420\AppData\Roaming\appdataFr2.bin
2014-10-14 12:02 - 2014-10-14 12:02 - 0000303 _____ () C:\Users\bubba7420\AppData\Roaming\FotoSketcher.ini
2015-02-15 16:50 - 2015-02-15 16:50 - 0000000 ____H () C:\ProgramData\cm-lock
 
Some content of TEMP:
====================
C:\Users\bubba7420\AppData\Local\Temp\Quarantine.exe
C:\Users\bubba7420\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-09 14:51
 
==================== End Of Log ============================
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by bubba7420 at 2015-02-15 17:09:50
Running from C:\Users\bubba7420\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aide PDF to DWG Converter 10.0 (HKLM-x32\...\Aide PDF to DWG Converter_is1) (Version:  - Aide CAD Systems Incorporated.)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
AutoCAD LT 2004 (HKLM-x32\...\{5783F2D7-0209-0409-0000-0060B0CE6BBA}) (Version: 16.0.0.086 - Autodesk)
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk DWG TrueView 2015 - English (HKLM\...\DWG TrueView 2015 - English) (Version: 20.0.51.0 - Autodesk)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bovada Casino  (HKLM-x32\...\Bovada Casino) (Version:  - Bovada)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
CCW Special Cabinet Estimate (HKLM-x32\...\ST6UNST #1) (Version:  - )
CodeMeter Runtime Kit v5.00 (HKLM\...\{5FE750E9-5EB2-477C-86D2-4D886ABB0D01}) (Version: 5.00.1057.500 - WIBU-SYSTEMS AG)
Crystal Architectural Catalog 02.14 (HKLM-x32\...\Crystal Architectural Catalog) (Version: 02.14 - Crystal Cabinet Works Inc.)
Crystal Cabinet Works (HKLM-x32\...\{055534B1-9BE5-44E5-920B-1942B319C4A6}) (Version: 1.0.3 - 20-20 Technologies)
Crystal Product Catalog 10.14 (HKLM-x32\...\Crystal Product Catalog) (Version: 10.14 - Crystal Cabinet Works Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Design (HKLM-x32\...\{5F3B91BB-92E0-4A9F-BD29-15CF6D29031D}) (Version: 10.5.0.27 - 20-20 Technologies)
Dropbox (HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DWG TrueView 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
FotoSketcher 2.99 (HKLM-x32\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Harmony 3.80.1865 (HKLM-x32\...\Harmony) (Version: 3.80.1865 - Crystal Cabinet Works Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
Sentinel Protection Installer 7.5.0 (HKLM-x32\...\{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}) (Version: 7.5.0 - SafeNet, Inc.)
SHARP MX/MX-M Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2310U PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
Sharpdesk (HKLM-x32\...\{8664FCE8-F91A-42BC-927C-AA318185E5EA}) (Version: 3.3 - SHARP CORPORATION)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.13 - Stardock Software, Inc.)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.41 - Stardock Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TunnelBear (HKLM-x32\...\{f9cc160f-ca8c-4098-84e2-39b7b9625569}) (Version: 2.3.6.0 - TunnelBear)
TunnelBear (x32 Version: 2.3.6.0 - TunnelBear) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.1.2.08070 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.0.0.04160 - Sony Corporation)
Visualizer for SketchUp (HKLM\...\{4CBF1403-23FC-48BC-93FA-125DA7C3069E}) (Version: 1.1.11.0 - Imagination)
Wibu Share 64 Dll (HKLM-x32\...\{3359F638-219D-45DD-87A3-02718F299D8D}) (Version: 1.0.0 - 20-20 Technologies)
Windows Driver Package - Ricoh Company (risdsnpe) hdc  (12/25/2009 6.13.03.02) (HKLM\...\181DCE8F6E8325736063FE20BB12023D439F671C) (Version: 12/25/2009 6.13.03.02 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (12/21/2009 6.13.03.02) (HKLM\...\398F0BAAFBB5C68EB2C413A98F8C385C3E0897D6) (Version: 12/21/2009 6.13.03.02 - Ricoh Company)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (11/27/2009 8.0.1.2) (HKLM\...\4E827A70BAA738C408DBDD024BCACE5085D946F1) (Version: 11/27/2009 8.0.1.2 - Sony Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wondershare Dr.Fone for iOS(Build 5.3.1.2) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 5.3.1.2 - Wondershare Software Co.,Ltd.)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\bubba7420\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\bubba7420\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2035716259-1072719170-3345313272-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubba7420\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
29-01-2015 10:43:22 Windows Update
05-02-2015 13:01:21 Scheduled Checkpoint
11-02-2015 03:36:46 TunnelBear
14-02-2015 08:24:04 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02A69894-5CF0-4FD6-9589-34C59EBBEA68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {34F6175D-80D6-4987-AFB1-C6695645CCBC} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3500536B-1E76-4842-AA9F-F071BFC5C834} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {43B2CDDB-9A9F-4DEC-AA4A-543E60D65C1E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SCUBAMAN2009-bubba7420 SCUBAMAN2009 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {519A6E25-7945-4494-98C2-0F66F5D9E547} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
Task: {5807AC7B-4BFD-46A1-B799-2B90EBFD74C3} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2013-05-28] (Sony Corporation)
Task: {665892A5-374F-4459-A0B2-3645587F3FA5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {6CEF5E54-52D8-4457-990C-FC60D46E3EB5} - System32\Tasks\Indexing Task - bubba7420 => C:\Program Files (x86)\Sharp\Sharpdesk\IndexTask.exe [2010-12-02] (SHARP CORPORATION)
Task: {892CCBC2-24AB-46FE-9413-C5A7804B8422} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {905410A6-D104-4442-8DC7-6B2EE72FD329} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A16AF0BA-3EEC-498F-A494-0E3C18A564BA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {A5C9582F-7825-4373-950D-6B76998AFD43} - System32\Tasks\{093437DD-5915-4CE2-897C-A1CF4576ECF7} => pcalua.exe -a C:\Users\bubba7420\Downloads\dacor10.exe -d C:\Users\bubba7420\Downloads
Task: {B234448F-6E1D-4BD5-9DCA-76D9917A2769} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
Task: {D7E5ACBA-A859-4AB4-B742-6B6FE7C8F846} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-15] (Microsoft Corporation)
Task: {DA1FAC02-315C-45E1-AC8E-584348C3F416} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2035716259-1072719170-3345313272-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {F6EDA5A6-1BFE-4B81-9347-1A4A98D5C13F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Indexing Task - bubba7420.job => C:\Program Files (x86)\Sharp\Sharpdesk\IndexTask.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-08-04 11:47 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-07 11:10 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-10 12:41 - 2015-02-10 12:41 - 00034240 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
2014-11-21 10:23 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-07 17:32 - 2012-01-20 13:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2007-09-17 08:09 - 2007-09-17 08:09 - 00187044 _____ () c:\postgres\bin\libpq.dll
2003-02-01 14:51 - 2003-02-01 14:51 - 00051016 _____ () c:\postgres\bin\libintl-2.dll
2003-01-31 17:41 - 2003-01-31 17:41 - 00916849 _____ () c:\postgres\bin\libiconv-2.dll
2014-08-04 14:51 - 2009-11-20 14:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-11-21 10:23 - 2014-11-21 10:23 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-02-06 02:29 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 02:29 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 02:29 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Constant Guard.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\StartupApproved\Run: => "uTorrent"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2035716259-1072719170-3345313272-500 - Administrator - Disabled)
bubba7420 (S-1-5-21-2035716259-1072719170-3345313272-1001 - Administrator - Enabled) => C:\Users\bubba7420
Guest (S-1-5-21-2035716259-1072719170-3345313272-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2035716259-1072719170-3345313272-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/15/2015 04:58:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nsapp.exe, version: 3.3.0.298, time stamp: 0x4cf781f7
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000005
Fault offset: 0x00049436
Faulting process id: 0x1d74
Faulting application start time: 0xnsapp.exe0
Faulting application path: nsapp.exe1
Faulting module path: nsapp.exe2
Report Id: nsapp.exe3
Faulting package full name: nsapp.exe4
Faulting package-relative application ID: nsapp.exe5
 
Error: (02/15/2015 04:58:07 PM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )
Description: The thread attempted to read from or write to a virtual address for which it does not have the appropriate access.  (0x8215202e)
 
Error: (02/15/2015 04:58:05 PM) (Source: MsiInstaller) (EventID: 11706) (User: SCUBAMAN2009)
Description: Product: Sharpdesk -- Error 1706.No valid source could be found for product Sharpdesk.  The Windows Installer cannot continue.
 
Error: (02/15/2015 04:57:58 PM) (Source: MsiInstaller) (EventID: 11706) (User: SCUBAMAN2009)
Description: Product: Sharpdesk -- Error 1706.No valid source could be found for product Sharpdesk.  The Windows Installer cannot continue.
 
Error: (02/15/2015 04:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nsapp.exe, version: 3.3.0.298, time stamp: 0x4cf781f7
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000005
Fault offset: 0x00041ad8
Faulting process id: 0x7ec
Faulting application start time: 0xnsapp.exe0
Faulting application path: nsapp.exe1
Faulting module path: nsapp.exe2
Report Id: nsapp.exe3
Faulting package full name: nsapp.exe4
Faulting package-relative application ID: nsapp.exe5
 
Error: (02/15/2015 03:55:10 PM) (Source: MsiInstaller) (EventID: 11706) (User: SCUBAMAN2009)
Description: Product: Sharpdesk -- Error 1706.No valid source could be found for product Sharpdesk.  The Windows Installer cannot continue.
 
Error: (02/15/2015 03:55:03 PM) (Source: MsiInstaller) (EventID: 11706) (User: SCUBAMAN2009)
Description: Product: Sharpdesk -- Error 1706.No valid source could be found for product Sharpdesk.  The Windows Installer cannot continue.
 
Error: (02/15/2015 03:54:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nsapp.exe, version: 3.3.0.298, time stamp: 0x4cf781f7
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000005
Fault offset: 0x00041ad6
Faulting process id: 0x2680
Faulting application start time: 0xnsapp.exe0
Faulting application path: nsapp.exe1
Faulting module path: nsapp.exe2
Report Id: nsapp.exe3
Faulting package full name: nsapp.exe4
Faulting package-relative application ID: nsapp.exe5
 
Error: (02/15/2015 00:14:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15344
 
Error: (02/15/2015 00:14:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15344
 
 
System errors:
=============
Error: (02/15/2015 04:50:54 PM) (Source: DCOM) (EventID: 10016) (User: SCUBAMAN2009)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SCUBAMAN2009bubba7420S-1-5-21-2035716259-1072719170-3345313272-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/15/2015 04:50:53 PM) (Source: DCOM) (EventID: 10016) (User: SCUBAMAN2009)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SCUBAMAN2009bubba7420S-1-5-21-2035716259-1072719170-3345313272-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/15/2015 04:50:53 PM) (Source: DCOM) (EventID: 10016) (User: SCUBAMAN2009)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SCUBAMAN2009bubba7420S-1-5-21-2035716259-1072719170-3345313272-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/15/2015 04:50:53 PM) (Source: DCOM) (EventID: 10016) (User: SCUBAMAN2009)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SCUBAMAN2009bubba7420S-1-5-21-2035716259-1072719170-3345313272-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/15/2015 04:50:53 PM) (Source: DCOM) (EventID: 10016) (User: SCUBAMAN2009)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SCUBAMAN2009bubba7420S-1-5-21-2035716259-1072719170-3345313272-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/15/2015 04:49:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1069
 
Error: (02/15/2015 04:49:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (02/15/2015 04:49:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (02/15/2015 04:49:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (02/15/2015 04:49:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
 
Microsoft Office Sessions:
=========================
Error: (02/15/2015 04:58:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nsapp.exe3.3.0.2984cf781f7ntdll.dll6.3.9600.1763054b0d74fc0000005000494361d7401d0496a782a39adC:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exeC:\Windows\SYSTEM32\ntdll.dllb90ae133-b55d-11e4-828a-54424961b99e
 
Error: (02/15/2015 04:58:07 PM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )
Description: The thread attempted to read from or write to a virtual address for which it does not have the appropriate access.  (0x8215202e)
 
Error: (02/15/2015 04:58:05 PM) (Source: MsiInstaller) (EventID: 11706) (User: SCUBAMAN2009)
Description: Product: Sharpdesk -- Error 1706.No valid source could be found for product Sharpdesk.  The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/15/2015 04:57:58 PM) (Source: MsiInstaller) (EventID: 11706) (User: SCUBAMAN2009)
Description: Product: Sharpdesk -- Error 1706.No valid source could be found for product Sharpdesk.  The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/15/2015 04:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nsapp.exe3.3.0.2984cf781f7ntdll.dll6.3.9600.1763054b0d74fc000000500041ad87ec01d0496a6028654aC:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exeC:\Windows\SYSTEM32\ntdll.dlla1b02564-b55d-11e4-828a-54424961b99e
 
Error: (02/15/2015 03:55:10 PM) (Source: MsiInstaller) (EventID: 11706) (User: SCUBAMAN2009)
Description: Product: Sharpdesk -- Error 1706.No valid source could be found for product Sharpdesk.  The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/15/2015 03:55:03 PM) (Source: MsiInstaller) (EventID: 11706) (User: SCUBAMAN2009)
Description: Product: Sharpdesk -- Error 1706.No valid source could be found for product Sharpdesk.  The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/15/2015 03:54:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nsapp.exe3.3.0.2984cf781f7ntdll.dll6.3.9600.1763054b0d74fc000000500041ad6268001d0496194c775dcC:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exeC:\Windows\SYSTEM32\ntdll.dlld61f740e-b554-11e4-8289-54424961b99e
 
Error: (02/15/2015 00:14:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15344
 
Error: (02/15/2015 00:14:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15344
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 37%
Total physical RAM: 6126.05 MB
Available physical RAM: 3816.5 MB
Total Pagefile: 7150.05 MB
Available Pagefile: 3833.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.17 GB) (Free:797.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 41FCD3DE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 fireman4it

Posted 16 February 2015 - 11:22 AM

How is the computer running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 scubaman2009

Posted 16 February 2015 - 12:02 PM

still is doing the redirect thing



#6 fireman4it

Posted 16 February 2015 - 12:31 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   3.18KB   2 downloads

 

How is the machine running after this?


#7 scubaman2009

Posted 16 February 2015 - 12:55 PM

OK, I'm confused. Where does this need to be saved to? You said it has to be in the same location as the FRST/FRST64 location, but you also said it has to be saved to the desktop... Also, where do I go to run this script?



#8 scubaman2009

Posted 16 February 2015 - 01:30 PM

Nvm, I got it... ran the fix... still redirects to a different page... says to call some number, my computer is infected with something.

 

please see fix log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by bubba7420 at 2015-02-16 13:02:19 Run:2
Running from C:\Users\bubba7420\Desktop
Loaded Profiles: bubba7420 (Available profiles: bubba7420)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 MFE_RR; \??\C:\Users\BUBBA7~1\AppData\Local\Temp\mfe_rr.sys [X]
R2 pgsql-8.2; c:/postgres/bin/pg_ctl.exe runservice -N "pgsql-8.2" -D "c:/postgres/data" [X]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HomePage: Default -> hxxp://www.symbaloo.com/
CHR StartupUrls: Default -> "hxxp://www.symbaloo.com/", "hxxp://google.com/"
CHR Profile: C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\artur.dubovoy@gmail.com [2015-02-15]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\Run: [uTorrent] => C:\Users\bubba7420\AppData\Roaming\uTorrent\uTorrent.exe [1677904 2015-01-21] (BitTorrent Inc.)
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2587072 2015-02-10] (TunnelBear)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SonyNBSetupAfterReboot] => C:\Users\BUBBA7~1\AppData\Local\Temp\GLF3ACF\SonyNBSetup.exe <===== ATTENTION
Emptytemp:
*****************
 
AntiLog32 => Service not found.
MFE_RR => Service not found.
pgsql-8.2 => Service not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => Key not found. 
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => Key not found. 
Chrome HomePage not detected.
Chrome StartupUrls not detected.
CHR Profile: C:\Users\bubba7420\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
C:\Users\bubba7420\AppData\Roaming\Mozilla\Firefox\Profiles\fuw03owc.default\Extensions\artur.dubovoy@gmail.com not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Policies\Google => Key not found. 
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value not found.
HKU\S-1-5-21-2035716259-1072719170-3345313272-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TunnelBear => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SonyNBSetupAfterReboot => Value not found.
EmptyTemp: => Removed 120.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:03:00 ====
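
A triage aid for a Fixlog like the one above, as an added example that is not part of the original posts and not FRST's own code: it tallies the result lines by outcome and flags a run in which no targeted entry was actually changed, which is the pattern this log shows. The function names and outcome categories are this example's own, the sample log is constructed from lines in the post, and the "successfully" wording is an assumption.

```python
import re
from collections import Counter

# Constructed sample, modelled on the result lines in the Fixlog above
# (user name replaced with "example"; entry list shortened).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by example at 2015-02-16 13:02:19 Run:2
==============================================

Content of fixlist:
*****************
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://www.symbaloo.com/
CHR Profile: C:\Users\example\AppData\Local\Google\Chrome\User Data\Default
Emptytemp:
*****************

AntiLog32 => Service not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
Chrome HomePage not detected.
CHR Profile: C:\Users\example\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 120.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 13:03:00 ====
"""

# Outcome patterns. "not found"/"not detected", "Error:" and "Removed" are the
# wordings visible in the log above; "successfully" is an assumption about how
# an entry that was actually changed is reported.
RULES = [
    ("error", re.compile(r"=>\s*Error:", re.I)),
    ("not_found", re.compile(r"\bnot (found|detected)\.?$", re.I)),
    ("changed", re.compile(r"=>\s*Removed\b|successfully", re.I)),
]


def classify(line):
    """Map one result line to an outcome label; anything else is 'info'."""
    for outcome, pattern in RULES:
        if pattern.search(line):
            return outcome
    return "info"


def parse_fixlog(text):
    """Return (run_number, [(outcome, line), ...]) for the result section."""
    run = re.search(r"\bRun:(\d+)", text)
    # The fixlist is echoed between two rows of asterisks; results follow.
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.MULTILINE)
    body = parts[2] if len(parts) >= 3 else ""
    results = []
    for raw in body.splitlines():
        line = raw.strip()
        if line and not line.startswith("===="):
            results.append((classify(line), line))
    return (int(run.group(1)) if run else None), results


def summarize(text):
    """Count outcomes and flag a run that changed none of its targets."""
    run, results = parse_fixlog(text)
    counts = Counter(outcome for outcome, _ in results)
    # EmptyTemp is housekeeping; judge the fix by the entries it targeted.
    targeted = [o for o, line in results
                if o != "info" and not line.lower().startswith("emptytemp")]
    no_effect = bool(targeted) and "changed" not in targeted
    return {"run": run, "counts": dict(counts), "no_effect": no_effect}


if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
```
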


#9 fireman4it

Posted 16 February 2015 - 02:53 PM

We need to reset Chrome to its original state.

Let me know if it still redirects after this.


#10 fireman4it

Posted 19 February 2015 - 02:57 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#11 scubaman2009

Posted 19 February 2015 - 03:53 PM

Hi, yes, I'm here, sorry for the delayed response... I reset Chrome and that seems to have fixed the problem, with the fixes we did prior. Wanted to test it for a day to check and make sure it wasn't just a fluke... but so far so good... Thank you so much for all of your help, it's greatly appreciated.



#12 fireman4it

Posted 19 February 2015 - 04:27 PM

Let's make one final check for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

2.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page.
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.


#13 fireman4it

Posted 22 February 2015 - 01:50 AM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#14 fireman4it

Posted 24 February 2015 - 06:18 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.