
BloCKUTubeAd (installed by enterprise policy) removal from Chrome Extension


  • This topic is locked
44 replies to this topic

#1 arelles


Posted 06 February 2014 - 02:10 PM

In performing routine cleanup of Chrome, I discovered the above extension.  In attempting to disable/remove I have:

uninstalled similar programs (misspelled) from Control Panel Add/Remove;

Uninstalled Chrome, reinstalled, repeated twice; ran CCleaner, Spybot S&D, Malwarebytes, and AdwCleaner to no avail.

Thanks in advance to all!  (please be patient with me, I only have access to this machine during work hours, and that thing called work gets in the way sometimes. :)

As requested:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by HEPACart at 12:48:08 on 2014-02-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8061.1196 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Canon\nsc\wnappsrv.exe
C:\Program Files (x86)\Canon\nsc\wnwebsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
c:\program files\soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\PFU\CardMinder\CardLauncher.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files (x86)\Alchemy Elixir\Control.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe
C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxtray.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Users\HEPACart\appdata\roaming\dropbox\bin\dropbox.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\dinotify.exe
C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Users\HEPACart\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
uDefault_Page_URL = www.powerspec.com
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Kensington TrackballWorks] "C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [uTorrent] C:\Users\HEPACart\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED
uRunOnce: [Uninstall C:\Users\HEPACart\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\HEPACart\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
mRun: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
mRun: [DMXLauncher] "C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe"
mRun: [K3805] "C:\Program Files (x86)\Alchemy Elixir\control.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\HEPACart\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CHATTE~1.LNK - C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe
StartupFolder: C:\Users\HEPACart\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KAREN'~1.LNK - C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - C:\Program Files (x86)\PFU\CardMinder\CardLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONVER~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D7E8872D-DA37-40AB-8471-CE2B1A864599} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~3\networ~1\networ~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://portal.hosted-commerce.net
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\HEPACart\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\HEPACart\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-6 52856]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-1-31 54728]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-29 39768]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-12-5 71032]
R2 Canon NetSpot Console Server;Canon NetSpot Console;C:\Program Files (x86)\Canon\nsc\wnappsrv.exe [2003-9-30 36864]
R2 Canon NetSpot Web Service;Canon NetSpot Console Web Service;C:\Program Files (x86)\Canon\nsc\wnwebsrv.exe [2006-3-31 57344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-26 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-26 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-26 168384]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-1-27 183264]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-1-27 553440]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-9-18 287960]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 tbwkern;Kensington TrackballWorks driver;C:\Windows\System32\drivers\tbwkern.sys [2011-6-13 32848]
S2 2384af53;Network Acceleration;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-12-5 393080]
S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-12-5 384888]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-1-3 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-12-27 37344]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-11-25 38912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-24 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-1-27 1239552]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-24 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-13 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-02-06 15:02:57    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E94B4716-3517-454C-A154-F8F09F0A9FDF}\mpengine.dll
2014-02-05 15:03:48    10315576    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-05 07:12:08    5556104    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-02-03 22:35:31    --------    d-----w-    C:\Program Files (x86)\BloCKUTubeAd
2014-01-31 07:00:22    --------    d-----w-    C:\ProgramData\BloCKUTubeAd
2014-01-31 07:00:20    --------    d-----w-    C:\ProgramData\hepmfhomngnhgigoddlgcjhakholphmm
2014-01-23 14:58:35    --------    d-----w-    C:\Windows\ERUNT
2014-01-23 14:17:19    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43D8276C-245D-4C71-9EFF-C2CC9048CB7B}\gapaengine.dll
2014-01-23 14:15:28    --------    d-----w-    C:\AdwCleaner
2014-01-17 14:23:25    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 05:24:21    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 05:24:21    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 05:24:21    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 05:24:21    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 05:24:21    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 05:24:21    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 05:24:21    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 05:24:20    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-15 05:24:19    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-14 22:45:21    --------    d-----w-    C:\Users\HEPACart\AppData\Roaming\SUPERAntiSpyware.com
2014-01-14 22:45:11    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-01-14 22:45:11    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
.
==================== Find3M  ====================
.
2014-02-05 08:12:13    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 08:12:13    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-03 18:04:32    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 12:49:07.56 ===============

My concern is that my clients will soon be hit with this malware, and I'll need the tools and know-how to remove it from those computers.

Again, many thanks for your assistance.


#2 HelpBot


Posted 11 February 2014 - 02:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523415 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 arelles


Posted 11 February 2014 - 03:39 PM

Hello, as requested, here is a fresh DDS report.

Request:

BloCKUTubeAd (installed by enterprise policy) removal from Chrome Extension

Actions taken:

Posted 06 February 2014 - 01:10 PM

In performing routine cleanup of Chrome, I discovered the above extension.  In attempting to disable/remove I have:

uninstalled similar programs (misspelled) from Control Panel Add/Remove;

Uninstalled Chrome, reinstalled, repeated twice; ran CCleaner, Spybot S&D, Malwarebytes, and AdwCleaner to no avail.

Thanks in advance to all!  (please be patient with me, I only have access to this machine during work hours, and that thing called work gets in the way sometimes.

I have performed no further cleanup steps, as instructed.

Truly appreciate the help, and completely understand being overwhelmed!  Thank you!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by HEPACart at 14:31:14 on 2014-02-11
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8061.1250 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Canon\nsc\wnappsrv.exe
C:\Program Files (x86)\Canon\nsc\wnwebsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
c:\program files\soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\PFU\CardMinder\CardLauncher.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files (x86)\Alchemy Elixir\Control.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe
C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxtray.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Users\HEPACart\appdata\roaming\dropbox\bin\dropbox.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\dinotify.exe
C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Windows\system32\taskeng.exe
C:\Users\HEPACart\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\System32\WUDFHost.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
uDefault_Page_URL = www.powerspec.com
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Kensington TrackballWorks] "C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [uTorrent] C:\Users\HEPACart\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED
uRunOnce: [Uninstall C:\Users\HEPACart\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\HEPACart\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
mRun: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
mRun: [DMXLauncher] "C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe"
mRun: [K3805] "C:\Program Files (x86)\Alchemy Elixir\control.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\HEPACart\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CHATTE~1.LNK - C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe
StartupFolder: C:\Users\HEPACart\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KAREN'~1.LNK - C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - C:\Program Files (x86)\PFU\CardMinder\CardLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONVER~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D7E8872D-DA37-40AB-8471-CE2B1A864599} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~3\networ~1\networ~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://portal.hosted-commerce.net
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\HEPACart\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\HEPACart\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-6 52856]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-1-31 54728]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-29 39768]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-12-5 71032]
R2 Canon NetSpot Console Server;Canon NetSpot Console;C:\Program Files (x86)\Canon\nsc\wnappsrv.exe [2003-9-30 36864]
R2 Canon NetSpot Web Service;Canon NetSpot Console Web Service;C:\Program Files (x86)\Canon\nsc\wnwebsrv.exe [2006-3-31 57344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-26 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-26 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-26 168384]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-1-27 183264]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-1-27 553440]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-9-18 287960]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 tbwkern;Kensington TrackballWorks driver;C:\Windows\System32\drivers\tbwkern.sys [2011-6-13 32848]
S2 2384af53;Network Acceleration;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-12-5 393080]
S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-12-5 384888]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-1-3 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-12-27 37344]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-11-25 38912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-24 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-1-27 1239552]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-24 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-13 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-02-11 15:04:37    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBD46FAF-E1CA-4649-A24F-FCEBE875B698}\mpengine.dll
2014-02-10 15:03:43    10315576    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-07 03:29:18    31856    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\CommandExecuteHandler.exe
2014-02-05 07:12:08    5556104    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-02-03 22:35:31    --------    d-----w-    C:\Program Files (x86)\BloCKUTubeAd
2014-01-31 07:00:22    --------    d-----w-    C:\ProgramData\BloCKUTubeAd
2014-01-31 07:00:20    --------    d-----w-    C:\ProgramData\hepmfhomngnhgigoddlgcjhakholphmm
2014-01-23 14:58:35    --------    d-----w-    C:\Windows\ERUNT
2014-01-23 14:17:19    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43D8276C-245D-4C71-9EFF-C2CC9048CB7B}\gapaengine.dll
2014-01-23 14:15:28    --------    d-----w-    C:\AdwCleaner
2014-01-17 14:23:25    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 05:24:21    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 05:24:21    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 05:24:21    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 05:24:21    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 05:24:21    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 05:24:21    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 05:24:21    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 05:24:20    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-15 05:24:19    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-14 22:45:21    --------    d-----w-    C:\Users\HEPACart\AppData\Roaming\SUPERAntiSpyware.com
2014-01-14 22:45:11    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-01-14 22:45:11    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
.
==================== Find3M  ====================
.
2014-02-05 08:12:13    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 08:12:13    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-03 18:04:32    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 14:32:34.75 ===============
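An added example, not part of arelles' post or the response team's instructions: a small Python triage script that applies the checks a practitioner would run over the DDS log above before reaching for cleanup tools. It flags the entries that matter for an "installed by enterprise policy" extension case: a ProgramData folder named like a Chrome extension ID (32 letters drawn from a-p; here hepmfhomngnhgigoddlgcjhakholphmm), the AppInit_DLLs entry, a service whose image is rundll32.exe (2384af53, "Network Acceleration"), a second program chained onto the Winlogon Userinit value, and a start page carrying a search-affiliate tag. Flagged lines are items to review, not a verdict; the Userinit entry here is Soluto, for instance. The sample input is constructed from lines copied out of that log. The forced_extensions() helper reads Chrome's ExtensionInstallForcelist policy (the registry key HKLM or HKCU \SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist, which is the mechanism behind the "installed by enterprise policy" label); it only does anything on Windows and the key location is the script's assumption, not something the posted logs show.

```python
"""Triage a DDS log for the persistence indicators seen in this thread.

Added example; not code from the thread or from BleepingComputer.
The registry lookup assumes Chrome's documented ExtensionInstallForcelist
policy key and runs only on Windows.
"""
import re
from typing import Dict, List

try:
    import winreg  # Windows only; set to None elsewhere so the parser still runs
except ImportError:
    winreg = None

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_DDS_LOG = r"""
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
uRun: [uTorrent] C:\Users\HEPACart\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED
AppInit_DLLs= c:\progra~3\networ~1\networ~1.dll
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
S2 2384af53;Network Acceleration;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
2014-02-03 22:35:31    --------    d-----w-    C:\Program Files (x86)\BloCKUTubeAd
2014-01-31 07:00:20    --------    d-----w-    C:\ProgramData\hepmfhomngnhgigoddlgcjhakholphmm
"""

# Chrome extension IDs are 32 characters from the alphabet a-p (the SHA-256 of
# the extension's public key re-encoded into that alphabet). A ProgramData
# folder with such a name is a typical drop location for a policy-pushed CRX.
EXT_ID_RE = re.compile(r"^[a-p]{32}$")
# DDS service line: "<state> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[")
# DDS "Created Last 30" / "Find3M" line: "<date> <time> <size> <attrs> <path>"
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")
# Query-string keys that search bundlers use to tag affiliate traffic.
AFFILIATE_RE = re.compile(r"[?&](fr|type)=")


def is_chrome_extension_id(name: str) -> bool:
    return bool(EXT_ID_RE.match(name))


def basename(path: str) -> str:
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1]


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious DDS line: kind, name, detail."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("AppInit_DLLs=", "x64-AppInit_DLLs=")):
            value = line.split("=", 1)[1].strip()
            if value:  # loaded into every process that maps user32.dll when enabled
                findings.append({"kind": "appinit_dll", "name": value,
                                 "detail": "AppInit_DLLs entry; verify publisher and LoadAppInit_DLLs"})
            continue
        if "Winlogon: Userinit" in line:
            entries = [e.strip() for e in line.split("=", 1)[1].split(",") if e.strip()]
            for extra in entries[1:]:  # anything chained after userinit.exe runs at every logon
                findings.append({"kind": "userinit_extra", "name": extra,
                                 "detail": "extra program chained onto Userinit; review"})
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, name, display, image = m.groups()
            if basename(image).lower() == "rundll32.exe":
                findings.append({"kind": "rundll32_service", "name": name,
                                 "detail": f"{display!r} hosted by rundll32.exe; the DLL is in the "
                                           f"ImagePath of HKLM\\SYSTEM\\CurrentControlSet\\Services\\{name}"})
            continue
        m = CREATED_RE.match(line)
        if m:
            path = m.group(1).strip()
            leaf = basename(path)
            if is_chrome_extension_id(leaf):
                findings.append({"kind": "chrome_extension_dir", "name": leaf,
                                 "detail": f"{path}: folder named like a Chrome extension ID; "
                                           "compare against ExtensionInstallForcelist"})
            continue
        if line.startswith(("uStart Page", "mStart Page")):
            url = line.split("=", 1)[1].strip()
            if AFFILIATE_RE.search(url):
                findings.append({"kind": "start_page_affiliate", "name": url,
                                 "detail": "start page carries a search-affiliate tag"})
    return findings


def forced_extensions() -> List[str]:
    """Read Chrome's ExtensionInstallForcelist policy values (Windows only).

    Each value looks like '<extension id>;<update url>'. Returns [] off Windows.
    Assumption: the standard policy key location, not something the thread shows.
    """
    if winreg is None:
        return []
    entries: List[str] = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            key = winreg.OpenKey(hive, r"SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist")
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    _name, value, _type = winreg.EnumValue(key, index)
                except OSError:
                    break
                entries.append(str(value))
                index += 1
    return entries


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LOG):
        print(f"[{f['kind']}] {f['name']}: {f['detail']}")
    for v in forced_extensions():
        print(f"[policy_forced_extension] {v}")
```

Run it against a saved DDS log by passing the file contents to triage(); on the affected machine, any ID returned by forced_extensions() that is not one your organisation pushed is the entry to remove, since Chrome reinstalls a forced extension on every start as long as that policy value exists.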
 



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,423 posts
  • Gender:Male
  • Location:USA

Posted 12 February 2014 - 11:10 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------
 

Malwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------


Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.


If you are satisfied with the help that you have received, please consider a donation.

#5 arelles

arelles
  • Topic Starter

  • Members
  • 42 posts
  • Gender:Male
  • Location:Kansas City

Posted 12 February 2014 - 05:11 PM

Jeff, thanks so much for your help.

The only thing obviously affected is Google Chrome, and even that is fairly mild, I just don't want the extension in there on a business computer.  And I'd like to know how to remove from my computer repair clients when that arises.

Again, thanks, and bear with me, as I only have access to this machine during business hours.

 

ADWCleaner:

# AdwCleaner v3.018 - Report created 12/02/2014 at 14:33:20
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : HEPACart - HEPACART-DT
# Running from : C:\Users\HEPACart\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default\prefs.js ]

Line Found : user_pref("extensions.14aBN349ChL.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.match(/ressbar.com[^f]+fid=65[...]

-\\ Google Chrome v

[ File : C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12543 octets] - [23/01/2014 08:15:59]
AdwCleaner[R1].txt - [1043 octets] - [12/02/2014 14:33:20]
AdwCleaner[S0].txt - [12166 octets] - [23/01/2014 08:27:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1164 octets] ##########
 

 

MBAR scan:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.666000 GHz
Memory total: 8452718592, free: 925331456

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.666000 GHz
Memory total: 8452718592, free: 940384256

Downloaded database version: v2014.02.12.10
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
     02/12/2014 15:09:14
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spoc.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\Soluto.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\e1y62x64.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\tbwkern.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\HidBatt.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStorV.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\WinUsb.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa800a778790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xfffffa800a465b60
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa800a778790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xfffffa800a465b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa800a75f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xfffffa800a0ab060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800a779790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000082\
Lower Device Object: 0xfffffa800a0ac060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800a75e300
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xfffffa8009e75060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800a20c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xfffffa8006d8eb60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8008a2f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8007b91050
Lower Device Driver Name: \Driver\iaStorV\
Driver name found: iaStorV
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008a2e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa8007b97050
Lower Device Driver Name: \Driver\iaStorV\
Driver name found: iaStorV
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8008a2d060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007b93050
Lower Device Driver Name: \Driver\iaStorV\
Driver name found: iaStorV
<<<2>>>
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8008a2f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008a2fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008a2f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007b91050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStorV\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a01bfa9340, 0xfffffa8008a2f060, 0xfffffa801c6d1790
Lower DeviceData: 0xfffff8a02df49340, 0xfffffa8007b91050, 0xfffffa80233b8e40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008a2d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008852960, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008a2d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007b93050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStorV\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a02da5f340, 0xfffffa8008a2d060, 0xfffffa801bf61330
Lower DeviceData: 0xfffff8a01d9f5bb0, 0xfffffa8007b93050, 0xfffffa80198888a0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3411C076

Partition information:

    Partition 0 type is Dynamic (0x42)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1985

    Partition 1 type is Dynamic (0x42)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition is not bootable

    Partition 2 type is Dynamic (0x42)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1953521664  Numsec = 1456

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008a2e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008a2d970, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008a2e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007b97050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStorV\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a01cfef340, 0xfffffa8008a2e060, 0xfffffa8019fe9790
Lower DeviceData: 0xfffff8a01a535340, 0xfffffa8007b97050, 0xfffffa80144a8790
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 35AD69E5

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 976764865
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500104691712 bytes
Sector size: 512 bytes

Done!
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E49F18B2

Partition information:

    Partition 0 type is Dynamic (0x42)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1985

    Partition 1 type is Dynamic (0x42)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition is not bootable

    Partition 2 type is Dynamic (0x42)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1953521664  Numsec = 1456

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa800a20c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009fb3940, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a20c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006d8eb60, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a005247b40, 0xfffffa800a20c060, 0xfffffa8019f8f090
Lower DeviceData: 0xfffff8a037319340, 0xfffffa8006d8eb60, 0xfffffa8015530e40
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 96  Numsec = 62844576

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 32176472064 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800a75e300, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a779040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a75e300, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009e75060, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800a779790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a75f040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a779790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a0ac060, DeviceName: \Device\00000082\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800a75f790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a778040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a75f790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a0ab060, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa800a778790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a77a040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a778790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a465b60, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\ProgramData\Network Acceleration\NetworkAcceleration.dll --> [Trojan.SProtector]
Infected: C:\ProgramData\Network Acceleration\NetworkAccelerationSvc.dll --> [Trojan.SProtector]
Scan finished
 



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,423 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:04:33 PM

Posted 12 February 2014 - 07:50 PM

Hi,
 
There are more problems on this system than what you are seeing in Chrome.  Let's get started....
 
Do you recognize this directory or what is in it >>  C:\ProgramData\hepmfhomngnhgigoddlgcjhakholphmm
If you do, please let me know.  
------------------
 
FRST
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.


If you are satisfied with the help that you have received, please consider a donation.

#7 arelles

arelles
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas City
  • Local time:04:33 PM

Posted 13 February 2014 - 09:49 AM

Jeff,

I do not recognize that directory.  Here are the Farbar Scan reports.  Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01
Ran by HEPACart (administrator) on HEPACART-DT on 13-02-2014 08:30:58
Running from C:\Users\HEPACart\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(CANON INC.) C:\Program Files (x86)\Canon\nsc\wnappsrv.exe
(CANON INC.) C:\Program Files (x86)\Canon\nsc\wnwebsrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Soluto) c:\program files\soluto\soluto.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(PFU LIMITED) C:\Program Files (x86)\PFU\CardMinder\CardLauncher.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
() C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
() C:\Program Files (x86)\Alchemy Elixir\Control.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
() C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe
(Karen Kenworthy) C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Intel Corporation) C:\Windows\system32\igfxtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Dropbox, Inc.) C:\Users\HEPACart\appdata\roaming\dropbox\bin\dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Google Inc.) C:\Users\HEPACart\AppData\Local\Google\Update\GoogleUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Users\HEPACart\Desktop\mbar\mbar.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] - C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [DMXLauncher] - C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe [109304 2007-02-12] ()
HKLM-x32\...\Run: [K3805] - C:\Program Files (x86)\Alchemy Elixir\control.exe [237568 2008-06-13] ()
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3228531912-3426476702-9034872-1000\...\Run: [Kensington TrackballWorks] - C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKU\S-1-5-21-3228531912-3426476702-9034872-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-14] (SUPERAntiSpyware)
HKU\S-1-5-21-3228531912-3426476702-9034872-1000\...\Run: [uTorrent] - C:\Users\HEPACart\AppData\Roaming\uTorrent\uTorrent.exe [904272 2014-01-31] (BitTorrent Inc.)
HKU\S-1-5-21-3228531912-3426476702-9034872-1000\...\RunOnce: [Uninstall C:\Users\HEPACart\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\HEPACart\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3228531912-3426476702-9034872-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
Startup: C:\Users\HEPACart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk
ShortcutTarget: Chatter Desktop.lnk -> C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe ()
Startup: C:\Users\HEPACart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Karen's Replicator.lnk
ShortcutTarget: Karen's Replicator.lnk -> C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=994519&fr=spigot-yhp-ie
URLSearchHook: HKCU - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
SearchScopes: HKCU - DefaultScope {B5C2036C-A482-43F5-8B75-D5412DDD9462} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6F410A81-AC8C-4B44-B9C1-E7F861358D46} URL = http://www.weather.com/search/enhanced?where={searchTerms}
SearchScopes: HKCU - {B5C2036C-A482-43F5-8B75-D5412DDD9462} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {D379AE6B-BD90-4A8F-8CFA-1B345A935658} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default
FF SelectedSearchEngine: Yahoo
FF Homepage: https://portal.hosted-commerce.net
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\HEPACart\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\HEPACart\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\HEPACart\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: BloCKUTubeAd - C:\Users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default\Extensions\[email protected] [2014-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Entanglement Web App) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-02-04]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-02-04]
CHR Extension: (Atari - Lunar Lander) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aheampccjiggeiflpcjolbabpohbpclg [2014-02-04]
CHR Extension: (Duolingo) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-02-04]
CHR Extension: (Angry Birds) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-02-04]
CHR Extension: (Google Docs) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (Isle of Tune) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\bljldflafhmbedhjnlncilbhfcnfabgb [2014-02-04]
CHR Extension: (YouTube) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Math Mahjong) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbcfbhpnngegochhbdlanodnmijfplal [2014-02-04]
CHR Extension: (QR Code Generator) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cicimfkkbejhggfjaabggafffgdnjgjp [2014-02-04]
CHR Extension: (Google Search) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (20 Things I Learned About Browsers & the Web) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfdlnlenokgjjchimonbekcmnofmlibg [2014-02-04]
CHR Extension: (RemindMe) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkbeopafgiefnlffkhmkhldcojehlgam [2014-02-04]
CHR Extension: (Google News) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-02-04]
CHR Extension: (Easy Clock) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn [2014-02-04]
CHR Extension: (Mahjongg) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-02-04]
CHR Extension: (The Clock Page) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfopehkobdhebdonhaiiiekadaoofdh [2014-02-04]
CHR Extension: (Google Calendar) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-02-04]
CHR Extension: (Weather) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fapbbpdnlcmiolkdfjnnjhabmcndadad [2014-02-04]
CHR Extension: (Pandora) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-02-04]
CHR Extension: (HTML Revealer and Password Revealer) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgeopcldenngppapceagonnenonklpbn [2014-02-04]
CHR Extension: (Full Screen Weather) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-02-04]
CHR Extension: (Springpad) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2014-02-04]
CHR Extension: (Mail Checker Plus for Google Mail™) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe [2014-02-04]
CHR Extension: (Planetarium) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-02-04]
CHR Extension: (Send to Evernote) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnilckpgiopfcokcijkhpghppekcoafm [2014-02-04]
CHR Extension: (BloCKUTubeAd) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm [2014-02-04]
CHR Extension: (Flow Game ) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkenkiidlghkpkihaiojpjnngfocahn [2014-02-04]
CHR Extension: (One tsp.) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcdnnjdopcaklmkgfligadjfcgieeid [2014-02-04]
CHR Extension: (Isoball 3) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-02-04]
CHR Extension: (Cloud Reader) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-02-04]
CHR Extension: (Google Play Music) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-02-04]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2014-02-04]
CHR Extension: (Typing Test - KeyHero) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2014-02-04]
CHR Extension: (BBC Good Food) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja [2014-02-04]
CHR Extension: (StumbleUpon) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-02-04]
CHR Extension: (Autodesk Homestyler) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-02-04]
CHR Extension: (Free Invoice Maker) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebnkbogolcjifklpmgidaaoogjflajp [2014-02-04]
CHR Extension: (Cargo Bridge) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-02-04]
CHR Extension: (Mohiomap) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikkonmkmijjlbenemmnoakjmniihppj [2014-02-04]
CHR Extension: (TouristEye Planner) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpejalhlnocbhggpnokneghfenoneg [2014-02-04]
CHR Extension: (Build with Chrome) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2014-02-04]
CHR Extension: (Cube - A game about Google Maps) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcoijfpdfchaihokncghkbplhiiehko [2014-02-04]
CHR Extension: (Evernote Web) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-02-04]
CHR Extension: (WeVideo Next) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\limlkeaboocfcfncjkkghclkjidbedem [2014-02-04]
CHR Extension: (Planner 5D) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2014-02-04]
CHR Extension: (3D Solar System Web) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd [2014-02-04]
CHR Extension: (Ghostery) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-02-04]
CHR Extension: (iSideWith) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nekniaobhkcioppbllliijfaillbaiik [2014-02-04]
CHR Extension: (Mahjong Solitaire) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2014-02-04]
CHR Extension: (Jolidrive) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2014-02-04]
CHR Extension: (Springpad Extension) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng [2014-02-04]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-02-04]
CHR Extension: (COLOR QR CODE GENERATOR) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlkboobmhelkmcbmcpciedpjegmenhpg [2014-02-04]
CHR Extension: (CnC TA Script Collection) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2014-02-04]
CHR Extension: (Google Wallet) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (RouteXL) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohnbhkkaejhjagomokkbdakcjjnchhj [2014-02-04]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-02-04]
CHR Extension: (My Chrome Theme) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-02-04]
CHR Extension: (Salesforce.com) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooaoeobbhfgkohkegpbidjjnkhjfccao [2014-02-04]
CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2014-02-04]
CHR Extension: (RealtimeBoard: Whiteboard for Collaboration) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfmbdmhambgleempeofcjjhjclimccg [2014-02-04]
CHR Extension: (Edgeworld) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp [2014-02-04]
CHR Extension: (Evernote Web Clipper) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-02-04]
CHR Extension: (Gmail) - C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
CHR Extension: (GrEAuttSave44U) - C:\ProgramData\lnmboeacpjphdehljkleicjdbdbnmfih [2013-12-30]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\HEPACart\AppData\Local\Temp\crx3E94.tmp [2013-12-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 2384af53; C:\ProgramData\Network Acceleration\NetworkAccelerationSvc.dll [176464 2013-12-27] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2012-12-05] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-12-05] (BlueStack Systems, Inc.)
R2 Canon NetSpot Console Server; C:\Program Files (x86)\Canon\nsc\wnappsrv.exe [36864 2003-09-30] (CANON INC.)
R2 Canon NetSpot Web Service; C:\Program Files (x86)\Canon\nsc\wnwebsrv.exe [57344 2006-03-31] (CANON INC.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [183264 2013-01-27] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2013-01-27] (Soluto)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-12-05] (BlueStack Systems)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-10-29] ()
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-02-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119000 2014-02-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S2 npf; C:\Windows\SysWOW64\drivers\npf.sys [50704 2010-03-22] (CACE Technologies, Inc.)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-12-02] (Sonic Solutions)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-02-03] ()
R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [32848 2011-06-13] ()
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 radpms; system32\DRIVERS\radpms.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-13 08:30 - 2014-02-13 08:31 - 00027000 _____ () C:\Users\HEPACart\Desktop\FRST.txt
2014-02-13 08:30 - 2014-02-13 08:30 - 02152448 _____ (Farbar) C:\Users\HEPACart\Desktop\FRST64.exe
2014-02-13 08:30 - 2014-02-13 08:30 - 00000000 ____D () C:\FRST
2014-02-12 15:09 - 2014-02-12 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-12 15:09 - 2014-02-12 15:09 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-12 15:08 - 2014-02-12 15:08 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-12 15:08 - 2014-02-12 15:08 - 00000000 ____D () C:\Users\HEPACart\Desktop\mbar
2014-02-12 15:02 - 2014-02-12 15:02 - 12589848 _____ (Malwarebytes Corp.) C:\Users\HEPACart\Downloads\mbar-1.07.0.1009.exe
2014-02-12 14:45 - 2014-02-12 14:45 - 00000000 ____D () C:\Users\HEPACart\Documents\Reports for Bleeping
2014-02-12 14:32 - 2014-02-12 14:33 - 01166132 _____ () C:\Users\HEPACart\Downloads\AdwCleaner.exe
2014-02-11 14:30 - 2014-02-11 14:31 - 00688992 ____R (Swearware) C:\Users\HEPACart\Downloads\dds(1).com
2014-02-11 13:03 - 2014-02-11 13:03 - 00007883 _____ () C:\Users\HEPACart\Downloads\ACFrOgClPxFX8pIPgdMe0stnUJ5t58yPhEUmyQ10A_oqXJeXUUymatK6drGPX0qX3SbVhHgGiljKf3vLWIeRktYJOg7e0SMwHin2EBeNOcTuwh6aYYIs_XF3qiYeRH0=
2014-02-11 12:45 - 2014-02-11 12:45 - 00585255 _____ () C:\Users\HEPACart\Downloads\ACFrOgB06wvUP8S_P3nY0I0HQ2ytiIxg3YPbSunP2YUIHqX_Ftm3AHf705VIxaECaC3fdNEwHgKX2Qh9P8eB322oQQMlWf3XiC5MdAXxFJRHl6tDkY8mIJTryO1KZEU=
2014-02-10 12:51 - 2014-02-10 12:51 - 00088823 _____ () C:\Users\HEPACart\Downloads\quoteTemplateDataViewer(3).apexp
2014-02-10 12:47 - 2014-02-10 12:47 - 00088792 _____ () C:\Users\HEPACart\Downloads\quoteTemplateDataViewer(2).apexp
2014-02-10 12:02 - 2014-02-10 12:02 - 00088909 _____ () C:\Users\HEPACart\Downloads\quoteTemplateDataViewer(1).apexp
2014-02-10 12:01 - 2014-02-10 12:01 - 00088909 _____ () C:\Users\HEPACart\Downloads\quoteTemplateDataViewer.apexp
2014-02-07 10:03 - 2014-02-07 10:03 - 00870305 _____ () C:\Users\HEPACart\Downloads\ACFrOgBVdV4T8lq3Touc9Mxnqc0obu4aurxiqyCnC8Q2f3ExqlEjJOY7kL-WJ1JHX3wS5VkZpTAtMw5iFQDEpwJ6x6Yey3jvCXc5M3mS19Dd9maIspsRHUzTdDPfl6g=
2014-02-06 21:28 - 2014-02-11 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-06 12:49 - 2014-02-11 14:32 - 00020986 _____ () C:\Users\HEPACart\Desktop\dds.txt
2014-02-06 12:49 - 2014-02-11 14:32 - 00012235 _____ () C:\Users\HEPACart\Desktop\attach.txt
2014-02-06 12:47 - 2014-02-06 12:47 - 00688992 ____R (Swearware) C:\Users\HEPACart\Downloads\dds.com
2014-02-06 12:37 - 2014-02-06 12:37 - 00076289 _____ () C:\Users\HEPACart\Desktop\ups.xps
2014-02-05 12:10 - 2014-02-05 12:10 - 02130233 _____ () C:\Users\HEPACart\Downloads\ACFrOgDGI-xV4UQDtjK50J2Vd4vgTgW7cV-b-o8gmXj9VZD8Q6EuNrRLbHXS7w77gmjFb_JN-llDwAe6uQQfBGzB01QkRbZd4FwSYRpteL_twUx8G9E1nkDo5R9-7UM=
2014-02-05 11:12 - 2014-02-05 11:12 - 00096579 _____ () C:\Users\HEPACart\Downloads\ACFrOgAjcPxmZms-2PaUyK4VaTqZdl9XmckkHi86E3rbYle27hV5Lme8w-hfFfr3wHISjofnpPNrwkcqYVqkXZ9qPDmm4mlJvBKAJ6At5rCwLhsU6xwp9lkoQ2PyZ64=
2014-02-05 11:08 - 2014-02-05 11:08 - 00038445 _____ () C:\Users\HEPACart\Downloads\ACFrOgDqeIJWjjxNn3hZDtje9JZPdMMnKSXKX5fEaI3JWhh-HoXe-eOBSl5CItu6VgHrwXXRhhxi_8DpkkMyAjdUMTY8xSrPLG8n4Pmqp9nU8A3wITFFR3et-M_ygNs=
2014-02-05 01:12 - 2014-02-05 02:12 - 05556104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-04 11:43 - 2014-02-04 11:43 - 00002390 _____ () C:\Users\HEPACart\Desktop\Google Chrome.lnk
2014-02-04 11:43 - 2014-02-04 11:43 - 00000000 ____D () C:\Users\HEPACart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-02-04 11:42 - 2014-02-04 11:42 - 36528344 _____ (Google Inc.) C:\Users\HEPACart\Downloads\32.0.1700.107_chrome_installer(2).exe
2014-02-04 11:39 - 2014-02-04 11:39 - 00002258 _____ () C:\Users\HEPACart\Documents\chromecleanupreg.txt
2014-02-04 11:23 - 2014-02-04 11:23 - 00000294 _____ () C:\Users\HEPACart\Documents\htm.reg
2014-02-04 11:22 - 2014-02-04 11:22 - 00000298 _____ () C:\Users\HEPACart\Documents\HKCU_Classes_HTML_Backup.reg
2014-02-04 09:24 - 2014-02-04 09:24 - 36528344 _____ (Google Inc.) C:\Users\HEPACart\Downloads\32.0.1700.107_chrome_installer(1).exe
2014-02-04 09:22 - 2014-02-04 09:22 - 00000784 _____ () C:\Users\HEPACart\Documents\cc_20140204_092237.reg
2014-02-04 09:14 - 2014-02-04 09:14 - 36528344 _____ (Google Inc.) C:\Users\HEPACart\Downloads\32.0.1700.107_chrome_installer.exe
2014-02-04 09:13 - 2014-02-04 09:13 - 00004368 _____ () C:\Users\HEPACart\Documents\cc_20140204_091327.reg
2014-02-04 08:41 - 2014-02-04 08:41 - 00008096 _____ () C:\Users\HEPACart\Documents\cc_20140204_084116.reg
2014-02-04 08:41 - 2014-02-04 08:41 - 00000164 _____ () C:\Users\HEPACart\Documents\cc_20140204_084140.reg
2014-02-04 08:40 - 2014-02-04 08:40 - 00069816 _____ () C:\Users\HEPACart\Documents\cc_20140204_084034.reg
2014-02-04 08:15 - 2014-02-04 08:15 - 04721920 _____ (Piriform Ltd) C:\Users\HEPACart\Downloads\ccsetup410.exe
2014-02-03 16:39 - 2014-02-03 16:39 - 36847832 _____ (Google Inc.) C:\Users\HEPACart\Downloads\33.0.1750.58_chrome_installer.exe
2014-02-03 16:35 - 2014-02-03 16:35 - 00000000 ____D () C:\Program Files (x86)\BloCKUTubeAd
2014-01-31 10:25 - 2014-01-31 10:25 - 00000849 _____ () C:\Users\HEPACart\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-31 01:00 - 2014-02-03 16:35 - 00000000 ____D () C:\ProgramData\BloCKUTubeAd
2014-01-31 01:00 - 2014-01-31 01:00 - 00002446 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 01:00 - 2014-01-31 01:00 - 00000000 ____D () C:\ProgramData\hepmfhomngnhgigoddlgcjhakholphmm
2014-01-30 11:18 - 2014-01-30 11:18 - 00000165 ____H () C:\Users\HEPACart\Desktop\~$Competition Template.pptx
2014-01-29 11:06 - 2014-01-29 11:13 - 00000000 ____D () C:\Users\HEPACart\Desktop\FreightQuoteUPS Claim
2014-01-28 09:22 - 2014-01-28 09:22 - 00000086 _____ () C:\Users\HEPACart\Desktop\UPS Calculate Time and Cost.url
2014-01-23 09:09 - 2014-01-23 09:09 - 00001598 _____ () C:\Users\HEPACart\Desktop\JRT.txt
2014-01-23 08:58 - 2014-01-23 08:58 - 00000000 ____D () C:\Windows\ERUNT
2014-01-23 08:15 - 2014-02-12 14:34 - 00000000 ____D () C:\AdwCleaner
2014-01-21 11:23 - 2014-01-27 13:27 - 00000000 ____D () C:\Users\HEPACart\Desktop\TAHFM Interlink
2014-01-17 08:23 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-17 08:23 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-17 08:23 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-17 08:23 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-17 08:22 - 2014-01-17 08:23 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-14 23:24 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 23:24 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 23:24 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 23:24 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 23:24 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 23:24 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 23:24 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 23:24 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 23:24 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 16:45 - 2014-01-14 16:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-14 16:45 - 2014-01-14 16:45 - 00000000 ____D () C:\Users\HEPACart\AppData\Roaming\SUPERAntiSpyware.com
2014-01-14 16:45 - 2014-01-14 16:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-01-14 12:47 - 2014-01-14 12:47 - 00001056 _____ () C:\Windows\wininit.ini

==================== One Month Modified Files and Folders =======

2014-02-13 08:31 - 2014-02-13 08:30 - 00027000 _____ () C:\Users\HEPACart\Desktop\FRST.txt
2014-02-13 08:30 - 2014-02-13 08:30 - 02152448 _____ (Farbar) C:\Users\HEPACart\Desktop\FRST64.exe
2014-02-13 08:30 - 2014-02-13 08:30 - 00000000 ____D () C:\FRST
2014-02-13 08:24 - 2011-05-13 15:56 - 00000000 ____D () C:\Users\HEPACart\AppData\Roaming\Dropbox
2014-02-13 08:23 - 2011-06-24 09:54 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 08:21 - 2011-05-12 09:47 - 01871013 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 08:12 - 2012-06-26 08:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-13 08:02 - 2011-09-16 09:59 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3228531912-3426476702-9034872-1000UA.job
2014-02-13 02:19 - 2011-07-22 09:48 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FAC03300-A5F5-44F7-8588-5862AFDBFABD}
2014-02-13 01:02 - 2011-09-16 09:59 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3228531912-3426476702-9034872-1000Core.job
2014-02-13 01:00 - 2011-05-12 13:48 - 00000000 ____D () C:\Users\HEPACart\Desktop\Hepa Quotes
2014-02-12 15:10 - 2014-02-12 15:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-12 15:09 - 2014-02-12 15:09 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-12 15:08 - 2014-02-12 15:08 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-12 15:08 - 2014-02-12 15:08 - 00000000 ____D () C:\Users\HEPACart\Desktop\mbar
2014-02-12 15:02 - 2014-02-12 15:02 - 12589848 _____ (Malwarebytes Corp.) C:\Users\HEPACart\Downloads\mbar-1.07.0.1009.exe
2014-02-12 14:45 - 2014-02-12 14:45 - 00000000 ____D () C:\Users\HEPACart\Documents\Reports for Bleeping
2014-02-12 14:34 - 2014-01-23 08:15 - 00000000 ____D () C:\AdwCleaner
2014-02-12 14:33 - 2014-02-12 14:32 - 01166132 _____ () C:\Users\HEPACart\Downloads\AdwCleaner.exe
2014-02-12 11:43 - 2011-05-16 16:04 - 00000000 ___RD () C:\Users\HEPACart\Documents\My Dropbox
2014-02-11 20:48 - 2014-02-06 21:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-11 14:32 - 2014-02-06 12:49 - 00020986 _____ () C:\Users\HEPACart\Desktop\dds.txt
2014-02-11 14:32 - 2014-02-06 12:49 - 00012235 _____ () C:\Users\HEPACart\Desktop\attach.txt
2014-02-11 14:31 - 2014-02-11 14:30 - 00688992 ____R (Swearware) C:\Users\HEPACart\Downloads\dds(1).com
2014-02-11 13:03 - 2014-02-11 13:03 - 00007883 _____ () C:\Users\HEPACart\Downloads\ACFrOgClPxFX8pIPgdMe0stnUJ5t58yPhEUmyQ10A_oqXJeXUUymatK6drGPX0qX3SbVhHgGiljKf3vLWIeRktYJOg7e0SMwHin2EBeNOcTuwh6aYYIs_XF3qiYeRH0=
2014-02-11 12:45 - 2014-02-11 12:45 - 00585255 _____ () C:\Users\HEPACart\Downloads\ACFrOgB06wvUP8S_P3nY0I0HQ2ytiIxg3YPbSunP2YUIHqX_Ftm3AHf705VIxaECaC3fdNEwHgKX2Qh9P8eB322oQQMlWf3XiC5MdAXxFJRHl6tDkY8mIJTryO1KZEU=
2014-02-11 10:09 - 2011-05-12 13:50 - 00027136 _____ () C:\Users\HEPACart\Desktop\HepaCart Shipping Info.xls
2014-02-10 12:51 - 2014-02-10 12:51 - 00088823 _____ () C:\Users\HEPACart\Downloads\quoteTemplateDataViewer(3).apexp
2014-02-10 12:47 - 2014-02-10 12:47 - 00088792 _____ () C:\Users\HEPACart\Downloads\quoteTemplateDataViewer(2).apexp
2014-02-10 12:02 - 2014-02-10 12:02 - 00088909 _____ () C:\Users\HEPACart\Downloads\quoteTemplateDataViewer(1).apexp
2014-02-10 12:01 - 2014-02-10 12:01 - 00088909 _____ () C:\Users\HEPACart\Downloads\quoteTemplateDataViewer.apexp
2014-02-10 10:49 - 2011-05-12 13:38 - 00000000 ___RD () C:\Users\HEPACart\Desktop\Cleanup Tools
2014-02-07 10:03 - 2014-02-07 10:03 - 00870305 _____ () C:\Users\HEPACart\Downloads\ACFrOgBVdV4T8lq3Touc9Mxnqc0obu4aurxiqyCnC8Q2f3ExqlEjJOY7kL-WJ1JHX3wS5VkZpTAtMw5iFQDEpwJ6x6Yey3jvCXc5M3mS19Dd9maIspsRHUzTdDPfl6g=
2014-02-06 12:47 - 2014-02-06 12:47 - 00688992 ____R (Swearware) C:\Users\HEPACart\Downloads\dds.com
2014-02-06 12:37 - 2014-02-06 12:37 - 00076289 _____ () C:\Users\HEPACart\Desktop\ups.xps
2014-02-05 12:10 - 2014-02-05 12:10 - 02130233 _____ () C:\Users\HEPACart\Downloads\ACFrOgDGI-xV4UQDtjK50J2Vd4vgTgW7cV-b-o8gmXj9VZD8Q6EuNrRLbHXS7w77gmjFb_JN-llDwAe6uQQfBGzB01QkRbZd4FwSYRpteL_twUx8G9E1nkDo5R9-7UM=
2014-02-05 11:12 - 2014-02-05 11:12 - 00096579 _____ () C:\Users\HEPACart\Downloads\ACFrOgAjcPxmZms-2PaUyK4VaTqZdl9XmckkHi86E3rbYle27hV5Lme8w-hfFfr3wHISjofnpPNrwkcqYVqkXZ9qPDmm4mlJvBKAJ6At5rCwLhsU6xwp9lkoQ2PyZ64=
2014-02-05 11:08 - 2014-02-05 11:08 - 00038445 _____ () C:\Users\HEPACart\Downloads\ACFrOgDqeIJWjjxNn3hZDtje9JZPdMMnKSXKX5fEaI3JWhh-HoXe-eOBSl5CItu6VgHrwXXRhhxi_8DpkkMyAjdUMTY8xSrPLG8n4Pmqp9nU8A3wITFFR3et-M_ygNs=
2014-02-05 02:12 - 2014-02-05 01:12 - 05556104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-05 02:12 - 2012-06-26 08:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 02:12 - 2012-06-26 08:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 02:12 - 2011-06-14 09:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 11:43 - 2014-02-04 11:43 - 00002390 _____ () C:\Users\HEPACart\Desktop\Google Chrome.lnk
2014-02-04 11:43 - 2014-02-04 11:43 - 00000000 ____D () C:\Users\HEPACart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-02-04 11:43 - 2011-05-12 09:13 - 00000000 ____D () C:\Users\HEPACart\AppData\Local\Google
2014-02-04 11:42 - 2014-02-04 11:42 - 36528344 _____ (Google Inc.) C:\Users\HEPACart\Downloads\32.0.1700.107_chrome_installer(2).exe
2014-02-04 11:39 - 2014-02-04 11:39 - 00002258 _____ () C:\Users\HEPACart\Documents\chromecleanupreg.txt
2014-02-04 11:23 - 2014-02-04 11:23 - 00000294 _____ () C:\Users\HEPACart\Documents\htm.reg
2014-02-04 11:22 - 2014-02-04 11:22 - 00000298 _____ () C:\Users\HEPACart\Documents\HKCU_Classes_HTML_Backup.reg
2014-02-04 10:48 - 2011-10-13 09:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-04 09:24 - 2014-02-04 09:24 - 36528344 _____ (Google Inc.) C:\Users\HEPACart\Downloads\32.0.1700.107_chrome_installer(1).exe
2014-02-04 09:22 - 2014-02-04 09:22 - 00000784 _____ () C:\Users\HEPACart\Documents\cc_20140204_092237.reg
2014-02-04 09:14 - 2014-02-04 09:14 - 36528344 _____ (Google Inc.) C:\Users\HEPACart\Downloads\32.0.1700.107_chrome_installer.exe
2014-02-04 09:13 - 2014-02-04 09:13 - 00004368 _____ () C:\Users\HEPACart\Documents\cc_20140204_091327.reg
2014-02-04 08:41 - 2014-02-04 08:41 - 00008096 _____ () C:\Users\HEPACart\Documents\cc_20140204_084116.reg
2014-02-04 08:41 - 2014-02-04 08:41 - 00000164 _____ () C:\Users\HEPACart\Documents\cc_20140204_084140.reg
2014-02-04 08:40 - 2014-02-04 08:40 - 00069816 _____ () C:\Users\HEPACart\Documents\cc_20140204_084034.reg
2014-02-04 08:38 - 2011-08-31 11:56 - 00000000 ____D () C:\Users\HEPACart\AppData\Roaming\uTorrent
2014-02-04 08:16 - 2011-10-07 14:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-04 08:15 - 2014-02-04 08:15 - 04721920 _____ (Piriform Ltd) C:\Users\HEPACart\Downloads\ccsetup410.exe
2014-02-03 16:46 - 2013-06-27 09:59 - 00000000 ____D () C:\Users\HEPACart\AppData\Local\Unity
2014-02-03 16:39 - 2014-02-03 16:39 - 36847832 _____ (Google Inc.) C:\Users\HEPACart\Downloads\33.0.1750.58_chrome_installer.exe
2014-02-03 16:35 - 2014-02-03 16:35 - 00000000 ____D () C:\Program Files (x86)\BloCKUTubeAd
2014-02-03 16:35 - 2014-01-31 01:00 - 00000000 ____D () C:\ProgramData\BloCKUTubeAd
2014-02-03 16:35 - 2013-12-30 14:43 - 00000000 ____D () C:\ProgramData\97f37e1ccc865a13
2014-02-03 16:26 - 2013-11-05 11:29 - 00447690 _____ () C:\Users\HEPACart\Desktop\Long-Term Rental Program (Rent-to-Own) WorkbooK.xlsx
2014-01-31 10:25 - 2014-01-31 10:25 - 00000849 _____ () C:\Users\HEPACart\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-31 10:25 - 2011-08-31 11:57 - 00000000 ____D () C:\Program Files (x86)\uTorrent
2014-01-31 01:00 - 2014-01-31 01:00 - 00002446 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 01:00 - 2014-01-31 01:00 - 00000000 ____D () C:\ProgramData\hepmfhomngnhgigoddlgcjhakholphmm
2014-01-31 01:00 - 2009-07-13 21:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-01-30 17:41 - 2009-07-13 22:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 17:41 - 2009-07-13 22:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 11:18 - 2014-01-30 11:18 - 00000165 ____H () C:\Users\HEPACart\Desktop\~$Competition Template.pptx
2014-01-30 11:17 - 2011-05-12 13:46 - 00000000 ___RD () C:\Users\HEPACart\Desktop\Grainger HEPACart
2014-01-29 11:13 - 2014-01-29 11:06 - 00000000 ____D () C:\Users\HEPACart\Desktop\FreightQuoteUPS Claim
2014-01-28 16:14 - 2012-06-26 08:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-28 15:42 - 2011-06-23 08:11 - 00000000 ___RD () C:\Users\HEPACart\Desktop\Marlin Leasing Tools
2014-01-28 09:22 - 2014-01-28 09:22 - 00000086 _____ () C:\Users\HEPACart\Desktop\UPS Calculate Time and Cost.url
2014-01-27 13:27 - 2014-01-21 11:23 - 00000000 ____D () C:\Users\HEPACart\Desktop\TAHFM Interlink
2014-01-25 09:18 - 2011-05-12 07:58 - 00000000 ___RD () C:\Users\HEPACart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-23 12:28 - 2013-10-14 12:20 - 00000000 ___RD () C:\Users\HEPACart\Desktop\ASHE PDC 2014
2014-01-23 09:09 - 2014-01-23 09:09 - 00001598 _____ () C:\Users\HEPACart\Desktop\JRT.txt
2014-01-23 08:58 - 2014-01-23 08:58 - 00000000 ____D () C:\Windows\ERUNT
2014-01-23 08:57 - 2009-07-13 23:13 - 00792614 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-23 08:51 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-01-22 15:33 - 2011-06-24 09:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-22 15:29 - 2012-10-23 15:30 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-01-22 11:43 - 2012-07-02 09:50 - 00000000 ____D () C:\Users\HEPACart\AppData\Local\Samsung
2014-01-22 11:43 - 2012-07-02 09:22 - 00000000 ____D () C:\ProgramData\Samsung
2014-01-22 11:43 - 2011-05-12 12:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-19 01:33 - 2011-05-12 08:26 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 08:29 - 2013-10-15 15:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-17 08:23 - 2014-01-17 08:22 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-17 08:23 - 2013-10-15 15:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-15 08:00 - 2009-07-13 22:45 - 05043456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 03:04 - 2009-09-11 17:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 03:03 - 2013-07-22 20:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 03:00 - 2011-05-12 08:42 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 16:47 - 2014-01-14 16:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-14 16:45 - 2014-01-14 16:45 - 00000000 ____D () C:\Users\HEPACart\AppData\Roaming\SUPERAntiSpyware.com
2014-01-14 16:45 - 2014-01-14 16:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-01-14 12:47 - 2014-01-14 12:47 - 00001056 _____ () C:\Windows\wininit.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 00:04

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2014 01
Ran by HEPACart at 2014-02-13 08:32:06
Running from C:\Users\HEPACart\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
2007 Microsoft Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
64 Bit HP CIO Components Installer (Version: 7.2.9 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader for ScanSnap ™ 4.0 (x32 Version: 8.00.245.56422 - ABBYY)
Acoustica CD/DVD Label Maker (x32 Version:  - )
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (x32 Version: 1.1.377 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Active@ ISO Burner (x32 Version: 2.5.1 - LSoft Technologies)
Adobe Acrobat  9 Standard - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (x32 Version:  - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe PageMaker 7.0 (x32 Version: 7.0.1a - Adobe Systems, Inc.)
Adobe Photoshop CS5.1 (x32 Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Alchemy Elixir (x32 Version: 1.00 - )
Amazon MP3 Downloader 1.0.12 (x32 Version: 1.0.12 - Amazon Services LLC)
Any Video Converter 5.0.5 (x32 Version:  - Any-Video-Converter.com)
ASUS Android USB Drivers (Version: 4.0.6753 - ASUSTeK Computer Inc.)
ASUS RT-N12 Wireless Router Utilities (x32 Version: 4.2.6.7 - ASUS)
ASUS Sync (x32 Version: 1.0.97 - FutureDial Inc.)
ASUS WebStorage (x32 Version: 3.0.130.270 - ASUS Cloud Corporation)
Audacity 2.0.5 (x32 Version: 2.0.5 - Audacity Team)
Audio Chaos Soudscape Generator 1.0 (HKCU Version:  - )
Avery Wizard 4.0 (x32 Version: 4.0.103 - Avery)
CardMinder (x32 Version: V4.1L10 - PFU)
CardMinder V4.1 (x32 Version: 4.1.10.1 - PFU) Hidden
CCleaner (Version: 4.10 - Piriform)
Chatter Desktop (x32 Version: 3.2.0 - Salesforce.com, Inc)
Chatter Desktop (x32 Version: 3.2.0 - Salesforce.com, Inc) Hidden
Cisco WebEx Meetings (HKCU Version:  - Cisco WebEx LLC)
Citrix Online Launcher (x32 Version: 1.0.153 - Citrix)
CloneDVD2 (x32 Version: 2.9.3.0 - Elaborate Bytes)
ContinueToSave (Version: 1.0 - BetterSoft) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (Version: 2.12 - Piriform)
Dexpot (HKCU Version: 1.6.4 - Dexpot GbR)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
DropIt (v3.5) (x32 Version:  - Lupo PenSuite Team)
DVD Catalyst 4.1.5.2 (x32 Version: 4.1.5.2 - Tools4Movies)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 5.1.2 (x32 Version: 5.1.2.2387 - Evernote Corp.)
FileZilla Client 3.6.0.2 (HKCU Version: 3.6.0.2 - FileZilla Project)
Folder Colorizer version 1.3.1 (Version: 1.3.1 - Softorino)
GIMP 2.6.11 (x32 Version: 2.6.11 - The GIMP Team)
Google Calendar Sync (x32 Version:  - )
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259 - CitrixOnline)
HP Designjet T2300 Printer Series (x32 Version:  - Hewlett-Packard Co.)
HP ePrint and Share (Version: 1.3.0 - Hewlett-Packard)
HP ICC Profiles_x64 (Version: 2.0.0 - Hewlett Packard, Co.) Hidden
HP Web Registration (x32 Version: 1.2.0.0 - Hewlett Packard, Co.) Hidden
IrfanView (remove only) (x32 Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Karen's Replicator (x32 Version: 3.6.0.9 - Karen Kenworthy)
LAME v3.99.3 (for Windows) (x32 Version:  - )
LAN-Fax Utilities (Version:  - )
LightScribe System Software (x32 Version: 1.18.26.7 - LightScribe)
Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)
Logitech Unifying Software 2.10 (Version: 2.10.37 - Logitech)
Magic DVD Copier V6.1.0 (x32 Version:  - Magic DVD Software, Inc.)
Magical Jelly Bean KeyFinder (x32 Version: 2.0.9.5 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 Primary Interop Assemblies (x32 Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Personal Folders Backup (x32 Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60816.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (x32 Version: 28.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Music Manager (HKCU Version:  - Google, Inc.)
NetSpot Console (x32 Version:  - )
NetSpot Console (x32 Version:  - ) Hidden
NetSpot Console Troubleshooting Guide (x32 Version:  - )
NetSpot Console Troubleshooting Guide (x32 Version: 4.10.3 - CANON INC.) Hidden
Network Acceleration (x32 Version:  - BullPoint)
Notepad++ (x32 Version: 6.3.2 - Notepad++ Team)
Notification Center (x32 Version: 0.7.8.829 - BlueStack Systems, Inc.)
NTFS4DOS (x32 Version:  - )
Office Tab Free Edition (64-bit) (Version: 7.00 - Detong Technology Ltd.)
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Roxio Creator 9 XE (x32 Version: 9.0.602 - Roxio)
Salesforce for Outlook (Version: 2.0.02.1065 - salesforce.com)
Samsung Kies3 (x32 Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.) Hidden
Scan to Microsoft SharePoint (x32 Version: 3.3.4 - KnowledgeLake)
ScanSnap (x32 Version: 5.0.21.1 - PFU Limited) Hidden
ScanSnap (x32 Version: 5.1.20.1 - PFU Limited) Hidden
ScanSnap Manager (x32 Version: V5.0L24 - PFU)
ScanSnap Organizer (x32 Version: 4.1.11.3 - PFU LIMITED) Hidden
ScanSnap Organizer (x32 Version: V4.1L11 - PFU)
SeaTools for Windows (x32 Version: 1.2.0.6 - Seagate Technology)
Soluto (Version: 1.3.1140.0 - Soluto)
Speccy (Version: 1.11 - Piriform)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (x32 Version: 2.0.12 - Safer-Networking Ltd.)
SUPERAntiSpyware (Version: 5.7.1016 - SUPERAntiSpyware.com)
TrackballWorks (x32 Version: 1.1.18 - Kensington Computer Products Group)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Video Download Studio 3.4.12 (x32 Version:  - aHisoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32 Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Vuze Remote Toolbar v8.6 (x32 Version: 8.6 - Spigot, Inc.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)

==================== Restore Points  =========================

12-02-2014 06:00:02 Scheduled Checkpoint
12-02-2014 15:06:42 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:34 - 2014-02-04 10:51 - 00450770 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0D02C82D-ED54-44A3-8622-1CC86B1A37B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {6248D498-44DA-44CE-A1A1-37ECC960AB5C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {6E108761-2360-4C2F-AF05-4D978C04C6B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3228531912-3426476702-9034872-1000UA => C:\Users\HEPACart\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16] (Google Inc.)
Task: {72EFB791-89F2-4C9E-9B33-CCC8405B6EA3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24] (Google Inc.)
Task: {76504D45-5740-4805-BDBA-056A28E626B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {AE1A5B11-F6B0-4E13-BF8B-41B0890D9BF3} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [2013-03-01] (Futuredial Inc.)
Task: {B106FAFF-E265-4215-AA94-A967A68F1968} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {BB95BC3D-3131-4682-99A3-F5CD55C4D3DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3228531912-3426476702-9034872-1000Core => C:\Users\HEPACart\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16] (Google Inc.)
Task: {DFF52917-291B-4E30-8935-4916B992EBAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24] (Google Inc.)
Task: {E39294EB-BCE4-4CF9-A264-A07B1271D6F7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3228531912-3426476702-9034872-1000Core.job => C:\Users\HEPACart\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3228531912-3426476702-9034872-1000UA.job => C:\Users\HEPACart\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-15 06:42 - 2013-08-15 06:42 - 01665024 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGPreCompiled\b44107cb23eeec3f137077ba15398d59\PCGPreCompiled.ni.dll
2013-10-09 08:52 - 2013-10-09 08:52 - 00237568 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGAppControlPlugin#\a7acbe2ff9d71d8789a224b00ff43e2c\PCGAppControlPluginLoader.ni.dll
2013-01-27 09:00 - 2013-01-27 09:00 - 00091192 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2007-02-12 02:24 - 2007-02-12 02:24 - 00109304 _____ () C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
2012-11-16 08:42 - 2008-06-13 09:17 - 00237568 _____ () C:\Program Files (x86)\Alchemy Elixir\Control.exe
2014-01-07 11:41 - 2014-01-07 11:41 - 00142336 _____ () C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe
2010-01-02 08:42 - 2010-01-02 08:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 09:24 - 2012-06-18 09:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-12-11 10:47 - 2013-12-10 17:22 - 00137528 _____ () C:\Program Files\Folder Colorizer\FolderColorShlExt.dll
2013-03-26 15:19 - 2012-11-13 13:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-03-26 15:19 - 2012-11-13 13:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-03-26 15:19 - 2012-11-13 13:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-03-26 15:19 - 2012-08-23 08:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-03-26 15:19 - 2012-11-13 13:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2011-05-12 12:54 - 2008-11-12 14:32 - 00014848 _____ () C:\Program Files (x86)\PFU\CardMinder\CardPath.dll
2013-03-26 15:19 - 2012-11-13 13:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2011-05-12 12:32 - 2010-09-14 11:57 - 00376832 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2011-05-12 12:32 - 2010-01-01 11:00 - 00233472 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2011-05-12 12:32 - 2003-03-26 17:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2011-05-12 12:32 - 2010-08-24 15:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2012-11-29 15:59 - 2012-11-29 15:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2011-05-12 12:31 - 1996-12-19 12:24 - 00068608 _____ () C:\Program Files (x86)\Common Files\PFU\ScanSnap\OCR\FJ\F5BDKAKU.DLL
2012-05-23 15:00 - 2012-05-23 15:00 - 02408448 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2012-05-23 15:00 - 2012-05-23 15:00 - 08626176 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2012-05-23 15:00 - 2012-05-23 15:00 - 00212992 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-10-18 17:55 - 2013-10-18 17:55 - 25100288 _____ () C:\Users\HEPACart\appdata\roaming\dropbox\bin\libcef.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-01-22 13:29 - 2014-01-22 13:29 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-01-22 13:29 - 2014-01-22 13:29 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-01-22 13:34 - 2014-01-22 13:34 - 21115392 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2014-01-22 13:34 - 2014-01-22 13:34 - 00983054 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2014-01-22 13:34 - 2014-01-22 13:34 - 00133134 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2014-01-22 13:34 - 2014-01-22 13:34 - 00189454 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
2013-12-27 14:02 - 2013-12-27 14:02 - 04269056 _____ () C:\ProgramData\Network Acceleration\NetworkAcceleration.dll
2014-02-06 21:28 - 2014-02-06 21:29 - 03614832 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-04 11:43 - 2014-02-01 17:41 - 00715592 _____ () C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 11:43 - 2014-02-01 17:41 - 00100168 _____ () C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 11:43 - 2014-02-01 17:42 - 04055368 _____ () C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 11:43 - 2014-02-01 17:42 - 00399688 _____ () C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 11:43 - 2014-02-01 17:41 - 01634632 _____ () C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-04 11:43 - 2014-02-01 17:42 - 13616456 _____ () C:\Users\HEPACart\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\HEPACart\Desktop\91001805.tif:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\Alchemy:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\AnteRoom-Demo.mov:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\AnteRoom-Demo.v02.mov:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\CAHED Show Info:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\CAP in action.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\HC74U-Demo.v03.mov:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\HEPA VO 10232012_data:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\HEPACart-Narrated-Web-Demo.mov:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\Mustang_1.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\recording-20121025-162858_data:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\Scans:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\Toshy drivers:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\Video Links:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Desktop\Walkouts:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Documents\Ab.stx:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Documents\Asus WebStorage:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Documents\FW HEPACART Customer Follow-Up_files:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Documents\HPrintJobsStorage:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Documents\ProcAlyzer Dumps:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Documents\samsung:Roxio EMC Stream
AlternateDataStreams: C:\Users\HEPACart\Documents\SPS signed master agreement:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Alchemy Elixir.lnk => C:\Windows\pss\Alchemy Elixir.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Salesforce for Outlook.lnk => C:\Windows\pss\Salesforce for Outlook.lnk.CommonStartup
MSCONFIG\startupreg: ASUS Sync Loader => "C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe" -startup
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSPanel.exe /S
MSCONFIG\startupreg: Kensington TrackballWorks Helper => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2014 02:47:10 PM) (Source: Application Hang) (User: )
Description: The program Acrobat.exe version 9.5.5.316 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ae4

Start Time: 01cf2769b004e9c0

Termination Time: 15

Application Path: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe

Report Id: a18133ce-935d-11e3-becc-00251183fe53

Error: (02/05/2014 00:34:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (02/05/2014 00:34:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (02/05/2014 00:34:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (02/05/2014 00:34:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (02/05/2014 00:34:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (02/05/2014 00:34:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (02/05/2014 00:34:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (02/05/2014 00:34:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (02/05/2014 00:34:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (02/12/2014 03:31:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SolutoService service.

Error: (02/12/2014 03:31:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SolutoService service.

Error: (02/12/2014 08:17:10 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/12/2014 00:00:16 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (02/12/2014 00:00:16 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (02/12/2014 00:00:15 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (02/11/2014 08:07:43 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/10/2014 00:24:58 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (02/10/2014 00:24:57 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (02/10/2014 00:24:56 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.


Microsoft Office Sessions:
=========================
Error: (06/09/2013 10:50:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 127995 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/19/2013 05:18:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52161 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/12/2013 10:20:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/12/2013 00:18:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/11/2013 02:15:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/11/2013 00:13:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/07/2013 02:01:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/05/2013 01:53:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/02/2013 08:44:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/31/2013 05:38:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-01-23 08:51:36.536
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-23 08:51:36.364
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-17 08:05:44.379
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-17 08:05:44.208
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-15 08:05:36.583
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-15 08:05:36.427
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-15 07:59:50.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-15 07:59:50.771
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-14 13:09:13.380
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-14 13:09:13.208
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 86%
Total physical RAM: 8061.14 MB
Available physical RAM: 1121.43 MB
Total Pagefile: 21654.45 MB
Available Pagefile: 2076.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Seagate 1gig) (Fixed) (Total:931.51 GB) (Free:691.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:319.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (USB20FD) (Removable) (Total:29.95 GB) (Free:25.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3411C076)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=932 GB) - (Type=42)
Partition 3: (Not Active) - (Size=728 KB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 35AD69E5)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E49F18B2)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=932 GB) - (Type=42)
Partition 3: (Not Active) - (Size=728 KB) - (Type=42)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================



#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,423 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:33 PM

Posted 13 February 2014 - 08:04 PM

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.


If you are satisfied with the help that you have received, please consider a donation.

#9 arelles

arelles
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas City
  • Local time:04:33 PM

Posted 14 February 2014 - 01:20 PM

Jeff,

Thanks again for your time.  How did you learn to analyze these reports?

As requested:

ComboFix 14-02-14.01 - HEPACart 02/14/2014  11:30:40.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8061.4773 [GMT -6:00]
Running from: c:\users\HEPACart\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe
c:\users\HEPACart\AppData\Local\assembly\tmp
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm\3.2_0\background.html
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm\3.2_0\content.js
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm\3.2_0\dYpSTrZrE4n.js
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm\3.2_0\lsdb.js
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm\3.2_0\manifest.json
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hepmfhomngnhgigoddlgcjhakholphmm_0.localstorage-journal
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hepmfhomngnhgigoddlgcjhakholphmm_0.localstorage
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\_ctypes.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\_elementtree.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\_hashlib.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\_multiprocessing.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\_socket.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\_ssl.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\pyexpat.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\pysqlite2._sqlite.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\python27.dll
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\pythoncom27.dll
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\PyWinTypes27.dll
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\select.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\unicodedata.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\win32api.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\win32com.shell.shell.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\win32crypt.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\win32event.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\win32file.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\win32inet.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\win32pdh.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\win32pipe.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\win32process.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\win32profile.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\win32security.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\win32ts.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\windows._lib_cacheinvalidation.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wx._controls_.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wx._core_.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wx._gdi_.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wx._html2.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wx._misc_.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wx._windows_.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wx._wizard.pyd
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wxbase294u_net_vc90.dll
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wxbase294u_vc90.dll
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wxmsw294u_adv_vc90.dll
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wxmsw294u_core_vc90.dll
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wxmsw294u_html_vc90.dll
c:\users\HEPACart\AppData\Local\Temp\_MEI26282\wxmsw294u_webview_vc90.dll
c:\users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default\extensions\[email protected]
c:\users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default\extensions\[email protected]\bootstrap.js
c:\users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default\extensions\[email protected]\chrome.manifest
c:\users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default\extensions\[email protected]\content\bg.js
c:\users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default\extensions\[email protected]\install.rdf
c:\users\HEPACart\Documents\~WRL4009.tmp
c:\users\HEPACart\g2mdlhlpx.exe
c:\windows\SysWow64\drivers\npf.sys
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-14 to 2014-02-14  )))))))))))))))))))))))))))))))
.
.
2014-02-14 17:43 . 2014-02-14 17:43    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-14 09:02 . 2013-12-21 09:53    548864    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-14 09:02 . 2013-12-21 08:56    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-02-14 09:00 . 2014-02-06 09:50    2041856    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-14 09:00 . 2014-02-06 09:22    13051392    ----a-w-    c:\windows\system32\ieframe.dll
2014-02-14 09:00 . 2014-02-06 10:11    5768704    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-14 09:00 . 2014-02-06 09:25    4244480    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-02-13 15:06 . 2013-12-04 03:28    10315576    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACFDFE0C-B1C8-47BA-AA94-4AAD759A487E}\mpengine.dll    ERROR(0x00000005)
2014-02-13 14:30 . 2014-02-13 14:32    --------    d-----w-    C:\FRST
2014-02-12 21:09 . 2014-02-12 21:09    119000    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-12 21:08 . 2014-02-12 21:08    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-12 15:07 . 2013-12-04 03:28    10315576    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll    ERROR(0x00000005)
2014-02-05 07:12 . 2014-02-05 08:12    5556104    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-02-03 22:35 . 2014-02-03 22:35    --------    d-----w-    c:\program files (x86)\BloCKUTubeAd
2014-01-23 14:58 . 2014-01-23 14:58    --------    d-----w-    c:\windows\ERUNT
2014-01-23 14:17 . 2013-10-18 17:19    965000    ------w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43D8276C-245D-4C71-9EFF-C2CC9048CB7B}\gapaengine.dll    ERROR(0x00000005)
2014-01-23 14:15 . 2014-02-12 20:34    --------    d-----w-    C:\AdwCleaner
2014-01-17 14:23 . 2013-12-19 03:09    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 08:12 . 2012-06-26 14:25    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 08:12 . 2011-06-14 15:15    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-19 07:33 . 2011-05-12 14:26    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-15 09:00 . 2011-05-12 14:42    86054176    ----a-w-    c:\windows\system32\MRT.exe
2014-01-04 01:22 . 2011-08-30 15:55    22240    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll    ERROR(0x00000005)
2013-12-03 18:04 . 2013-12-03 18:04    53248    ----a-r-    c:\users\HEPACart\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-12-03 18:04 . 2013-12-03 18:04    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-12-03 09:02 . 2013-12-03 09:02    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 09:02 . 2013-12-03 09:02    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-12-03 09:02 . 2013-12-03 09:02    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 09:02 . 2013-12-03 09:02    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-12-03 09:02 . 2013-12-03 09:02    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-12-03 09:02 . 2013-12-03 09:02    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 09:02 . 2013-12-03 09:02    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-12-03 09:02 . 2013-12-03 09:02    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-12-03 09:02 . 2013-12-03 09:02    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-12-03 09:02 . 2013-12-03 09:02    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 09:02 . 2013-12-03 09:02    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 09:02 . 2013-12-03 09:02    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-12-03 09:02 . 2013-12-03 09:02    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-12-03 09:02 . 2013-12-03 09:02    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-12-03 09:02 . 2013-12-03 09:02    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-12-03 09:02 . 2013-12-03 09:02    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-12-03 09:02 . 2013-12-03 09:02    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-12-03 09:02 . 2013-12-03 09:02    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 09:02 . 2013-12-03 09:02    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 09:02 . 2013-12-03 09:02    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-12-03 09:02 . 2013-12-03 09:02    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 09:02 . 2013-12-03 09:02    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-12-03 09:02 . 2013-12-03 09:02    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 09:02 . 2013-12-03 09:02    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-12-03 09:02 . 2013-12-03 09:02    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-12-03 09:02 . 2013-12-03 09:02    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-12-03 09:02 . 2013-12-03 09:02    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-12-03 09:02 . 2013-12-03 09:02    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-12-03 09:02 . 2013-12-03 09:02    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-12-03 09:02 . 2013-12-03 09:02    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-12-03 09:02 . 2013-12-03 09:02    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-12-03 09:02 . 2013-12-03 09:02    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-12-03 09:02 . 2013-12-03 09:02    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-12-03 09:02 . 2013-12-03 09:02    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-12-03 09:02 . 2013-12-03 09:02    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-12-03 09:02 . 2013-12-03 09:02    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-12-03 09:02 . 2013-12-03 09:02    413696    ----a-w-    c:\windows\system32\html.iec
2013-12-03 09:02 . 2013-12-03 09:02    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 09:02 . 2013-12-03 09:02    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-12-03 09:02 . 2013-12-03 09:02    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-12-03 09:02 . 2013-12-03 09:02    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-12-03 09:02 . 2013-12-03 09:02    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-12-03 09:02 . 2013-12-03 09:02    235520    ----a-w-    c:\windows\system32\url.dll
2013-12-03 09:02 . 2013-12-03 09:02    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-12-03 09:02 . 2013-12-03 09:02    147968    ----a-w-    c:\windows\system32\occache.dll
2013-12-03 09:02 . 2013-12-03 09:02    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-12-03 09:02 . 2013-12-03 09:02    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-12-03 09:02 . 2013-12-03 09:02    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-12-03 09:02 . 2013-12-03 09:02    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-12-03 09:02 . 2013-12-03 09:02    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-12-03 09:02 . 2013-12-03 09:02    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-12-03 09:02 . 2013-12-03 09:02    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-27 01:41 . 2014-01-15 05:24    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 05:24    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 05:24    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 05:24    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 05:24    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 05:24    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 05:24    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 05:24    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 05:24    3156480    ----a-w-    c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-11 05:57    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 05:57    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-06 20:48    222832    ----a-w-    c:\users\HEPACart\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-06 20:48    222832    ----a-w-    c:\users\HEPACart\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-06 20:48    222832    ----a-w-    c:\users\HEPACart\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\HEPACart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\HEPACart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\HEPACart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kensington TrackballWorks"="c:\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe" [2012-02-20 504320]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-14 6563608]
"uTorrent"="c:\users\HEPACart\AppData\Roaming\uTorrent\uTorrent.exe" [2014-01-31 904272]
"C045489B34E68F991488A1C4E03142C6A5F43DC8._service_run"="c:\users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
"GoogleChromeAutoLaunch_28FE60F037DB811F5F66C678252E56D1"="c:\users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"DMXLauncher"="c:\program files (x86)\Roxio\CinePlayer\DMXLauncher.exe" [2007-02-12 109304]
"K3805"="c:\program files (x86)\Alchemy Elixir\control.exe" [2008-06-13 237568]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\HEPACart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2014-1-28 1104736]
Karen's Replicator.lnk - c:\program files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe [2010-2-7 1189360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files (x86)\PFU\CardMinder\CardLauncher.exe [2011-5-12 77824]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-5-12 15360]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-5-12 1056768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys;c:\windows\SYSNATIVE\DRIVERS\radpms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 2384af53;Network Acceleration;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 Canon NetSpot Console Server;Canon NetSpot Console;c:\program files (x86)\Canon\nsc\wnappsrv.exe;c:\program files (x86)\Canon\nsc\wnappsrv.exe [x]
S2 Canon NetSpot Web Service;Canon NetSpot Console Web Service;c:\program files (x86)\Canon\nsc\wnwebsrv.exe;c:\program files (x86)\Canon\nsc\wnwebsrv.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 tbwkern;Kensington TrackballWorks driver;c:\windows\system32\DRIVERS\tbwkern.sys;c:\windows\SYSNATIVE\DRIVERS\tbwkern.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 20:40    453736    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 08:12]
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 15:54]
.
2014-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 15:54]
.
2014-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3228531912-3426476702-9034872-1000Core.job
- c:\users\HEPACart\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 15:59]
.
2014-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3228531912-3426476702-9034872-1000UA.job
- c:\users\HEPACart\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 15:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-01-18 02:25    1504608    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-01-18 02:25    1504608    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-01-18 02:25    1504608    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 21:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 21:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 21:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 21:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 21:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 21:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-01-27 1229280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://portal.hosted-commerce.net
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\HEPACart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk - c:\program files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
@DACL=(02 0000)
@="Dropbox Autoplay COM Server"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}]
@DACL=(02 0000)
@="DMCComponent"
"AppID"="{3A999A50-AB25-4A20-90A9-08F71FCE320F}"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}]
@DACL=(02 0000)
@="GoToMeeting Outlook COM Addin"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}]
@DACL=(02 0000)
@="DMCComponent"
"AppID"="{98087D89-B93F-4BCF-A998-AE4D9F607C14}"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
@DACL=(02 0000)
@="SyncingOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}]
@DACL=(02 0000)
@="DMCComponent"
"AppID"="{B286F068-5B17-4AE8-989B-8F9A199C47BA}"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
@DACL=(02 0000)
@="ErrorOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}]
@DACL=(02 0000)
@="SkyDriveEx"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
@DACL=(02 0000)
@="UpToDateOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}]
@DACL=(02 0000)
@="SyncFileInformationProvider Class"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
.
**************************************************************************
.
Completion time: 2014-02-14  12:01:57 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-14 18:01
.
Pre-Run: 749,283,246,080 bytes free
Post-Run: 748,703,047,680 bytes free
.
- - End Of File - - 1521B0EDB420CF7086354C3507C61594
A36C5E4F47E84449FF07ED3517B43A31
 



#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,423 posts
  • Gender:Male
  • Location:USA

Posted 14 February 2014 - 05:59 PM

Hi,
 

How did you learn to analyze these reports?

We all go through a school at one of about a handful of approved training sites where we learn how to use the tools safely and read the logs created. How long training takes varies, but I think it took me 10 months to finish.
-----------------------
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    DDS::
    uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
     
    Folder::
    c:\program files (x86)\BloCKUTubeAd

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    (screenshot: CFScriptB-4.gif)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 

AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Post the new logs and let me know how your system is running.   :)


Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.


If you are satisfied with the help that you have received, please consider a donation.
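Chrome labels an extension "installed by enterprise policy" when its ID is listed in the ExtensionInstallForcelist policy. On Windows that policy is read from the registry, under HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist (and the HKCU equivalent), and each value is a string of the form `<extension id>;<update URL>`. Because the key is outside Chrome's profile, uninstalling and reinstalling Chrome leaves it in place, which matches what the topic starter saw. The Python script below is an added example for triaging such a machine; it is not code from this thread or from the ComboFix/AdwCleaner/JRT toolkit. It parses forcelist values, flags entries that are not on an administrator's allowlist or that do not update from the Chrome Web Store, and summarises an extension's manifest.json so the reviewer can see what it is allowed to do. The allowlisted ID, the update URL, the permissions and the manifest are constructed for the example; only the extension ID hepmfhomngnhgigoddlgcjhakholphmm is taken from the ComboFix log posted in this thread.

```python
"""Triage Chrome extensions that show up as "installed by enterprise policy".

Chrome applies that label to any extension ID listed in the
ExtensionInstallForcelist policy. On Windows the policy is read from the
registry, so adware that wants an extension the user cannot remove writes a
value there. Sample data below is constructed for this example; only the
extension ID hepmfhomngnhgigoddlgcjhakholphmm comes from the thread's log.
"""
import json
import re
import sys

# Policy locations Chrome reads on Windows (HKLM takes precedence over HKCU).
FORCELIST_KEYS = [
    ("HKLM", r"SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"),
    ("HKCU", r"SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"),
]
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
EXT_ID_RE = re.compile(r"^[a-p]{32}$")  # Chrome IDs: 32 chars, letters a-p only
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def parse_forcelist_value(value):
    """Split 'extensionid;update_url' into (id, url); url is None if absent."""
    ext_id, _, url = value.partition(";")
    ext_id = ext_id.strip().lower()
    if not EXT_ID_RE.match(ext_id):
        raise ValueError("not a valid extension id: %r" % value)
    return ext_id, (url.strip() or None)


def triage_forcelist(values, allowlist=frozenset()):
    """Return (ext_id_or_raw, reason) for every forcelist entry worth a look."""
    findings = []
    for raw in values:
        try:
            ext_id, url = parse_forcelist_value(raw)
        except ValueError as exc:
            findings.append((raw, str(exc)))
            continue
        if ext_id in allowlist:
            continue  # approved by the administrator, nothing to report
        if url != WEBSTORE_UPDATE_URL:
            findings.append((ext_id, "forced install with non-Web-Store update URL %r" % url))
        else:
            findings.append((ext_id, "forced install not on the allowlist"))
    return findings


def summarize_manifest(manifest_text):
    """Reduce a manifest.json to the fields that matter when judging an extension."""
    m = json.loads(manifest_text)
    hosts = set(m.get("permissions", []))
    for cs in m.get("content_scripts", []):
        hosts.update(cs.get("matches", []))
    return {
        "name": m.get("name"),
        "version": m.get("version"),
        "update_url": m.get("update_url"),
        "permissions": sorted(m.get("permissions", [])),
        "broad_host_access": bool(hosts & BROAD_HOSTS),
        "scripts": sorted(js for cs in m.get("content_scripts", [])
                          for js in cs.get("js", [])),
    }


def read_forcelist_from_registry():
    """On Windows, read the live policy values; on other platforms return []."""
    if not sys.platform.startswith("win"):
        return []
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    values = []
    for hive, path in FORCELIST_KEYS:
        try:
            with winreg.OpenKey(hives[hive], path) as key:
                index = 0
                while True:
                    try:
                        _, data, _ = winreg.EnumValue(key, index)
                    except OSError:
                        break  # no more values under this key
                    values.append(str(data))
                    index += 1
        except OSError:
            continue  # key absent: nothing is force-installed from this hive
    return values


# Constructed sample data (hypothetical allowlisted ID and update URL).
SAMPLE_FORCELIST = [
    "abcdefghijklmnopabcdefghijklmnop;" + WEBSTORE_UPDATE_URL,   # approved by admin
    "hepmfhomngnhgigoddlgcjhakholphmm;http://example.invalid/update.xml",  # ID from the log
    "not-an-extension-id",                                        # malformed value
]
SAMPLE_ALLOWLIST = frozenset({"abcdefghijklmnopabcdefghijklmnop"})
SAMPLE_MANIFEST = json.dumps({  # constructed, not the real extension's manifest
    "manifest_version": 2, "name": "Example Ad Blocker", "version": "3.2",
    "update_url": "http://example.invalid/update.xml",
    "permissions": ["tabs", "storage", "http://*/*", "https://*/*"],
    "background": {"page": "background.html"},
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
})

if __name__ == "__main__":
    live = read_forcelist_from_registry()
    for ext_id, reason in triage_forcelist(live or SAMPLE_FORCELIST, SAMPLE_ALLOWLIST):
        print("%s: %s" % (ext_id, reason))
    print(json.dumps(summarize_manifest(SAMPLE_MANIFEST), indent=2))
```

Run it on the affected machine as an administrator to read the live forcelist; anywhere else it falls back to the constructed sample. An entry whose update URL is not the Chrome Web Store is the strongest signal, since a legitimately managed extension almost always updates from Google, and a manifest with a broad host pattern plus a content script on every page is what lets an ad injector rewrite sites such as YouTube. After removal, re-run it: the forcelist value must be gone, or Chrome will simply reinstall the extension at the next policy refresh.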

#11 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,423 posts
  • Gender:Male
  • Location:USA

Posted 16 February 2014 - 03:32 PM

Still with me?


#12 arelles

arelles
  • Topic Starter

  • Members
  • 42 posts
  • Gender:Male
  • Location:Kansas City

Posted 17 February 2014 - 10:46 AM

Yes, sorry, I only have access to this computer during the work week.

Here is the requested scan, thanks!

Also, where would I go to learn more about the training sites you mentioned?

I have been interested in learning about this for some time now, time to take action!

 

ComboFix 14-02-16.01 - HEPACart 02/17/2014   8:17.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8061.6034 [GMT -6:00]
Running from: c:\users\HEPACart\Desktop\ComboFix.exe
Command switches used :: c:\users\HEPACart\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BloCKUTubeAd
c:\users\HEPACart\AppData\Local\assembly\tmp
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm\3.2_0\background.html
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm\3.2_0\content.js
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm\3.2_0\dYpSTrZrE4n.js
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm\3.2_0\lsdb.js
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmfhomngnhgigoddlgcjhakholphmm\3.2_0\manifest.json
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hepmfhomngnhgigoddlgcjhakholphmm_0.localstorage-journal
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hepmfhomngnhgigoddlgcjhakholphmm_0.localstorage
c:\users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-17 to 2014-02-17  )))))))))))))))))))))))))))))))
.
.
2014-02-17 14:23 . 2014-02-17 14:23    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-16 07:53 . 2014-02-16 07:53    75888    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACFDFE0C-B1C8-47BA-AA94-4AAD759A487E}\offreg.dll    ERROR(0x00000005)
2014-02-14 09:02 . 2013-12-21 09:53    548864    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-14 09:02 . 2013-12-21 08:56    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-02-14 09:00 . 2014-02-06 09:50    2041856    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-14 09:00 . 2014-02-06 09:22    13051392    ----a-w-    c:\windows\system32\ieframe.dll
2014-02-14 09:00 . 2014-02-06 10:11    5768704    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-14 09:00 . 2014-02-06 09:25    4244480    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-02-13 15:06 . 2013-12-04 03:28    10315576    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACFDFE0C-B1C8-47BA-AA94-4AAD759A487E}\mpengine.dll    ERROR(0x00000005)
2014-02-13 14:30 . 2014-02-13 14:32    --------    d-----w-    C:\FRST
2014-02-12 21:09 . 2014-02-12 21:09    119000    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-12 21:08 . 2014-02-12 21:08    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-12 15:07 . 2013-12-04 03:28    10315576    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll    ERROR(0x00000005)
2014-02-05 07:12 . 2014-02-05 08:12    5556104    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-01-23 14:58 . 2014-01-23 14:58    --------    d-----w-    c:\windows\ERUNT
2014-01-23 14:17 . 2013-10-18 17:19    965000    ------w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43D8276C-245D-4C71-9EFF-C2CC9048CB7B}\gapaengine.dll    ERROR(0x00000005)
2014-01-23 14:15 . 2014-02-12 20:34    --------    d-----w-    C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 09:00 . 2011-05-12 14:42    88567024    ----a-w-    c:\windows\system32\MRT.exe
2014-02-05 08:12 . 2012-06-26 14:25    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 08:12 . 2011-06-14 15:15    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-19 07:33 . 2011-05-12 14:26    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-04 01:22 . 2011-08-30 15:55    22240    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll    ERROR(0x00000005)
2013-12-19 03:09 . 2014-01-17 14:23    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-03 18:04 . 2013-12-03 18:04    53248    ----a-r-    c:\users\HEPACart\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-12-03 18:04 . 2013-12-03 18:04    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-12-03 09:02 . 2013-12-03 09:02    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 09:02 . 2013-12-03 09:02    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-12-03 09:02 . 2013-12-03 09:02    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 09:02 . 2013-12-03 09:02    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-12-03 09:02 . 2013-12-03 09:02    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-12-03 09:02 . 2013-12-03 09:02    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 09:02 . 2013-12-03 09:02    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-12-03 09:02 . 2013-12-03 09:02    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-12-03 09:02 . 2013-12-03 09:02    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-12-03 09:02 . 2013-12-03 09:02    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 09:02 . 2013-12-03 09:02    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 09:02 . 2013-12-03 09:02    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-12-03 09:02 . 2013-12-03 09:02    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-12-03 09:02 . 2013-12-03 09:02    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-12-03 09:02 . 2013-12-03 09:02    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-12-03 09:02 . 2013-12-03 09:02    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-12-03 09:02 . 2013-12-03 09:02    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-12-03 09:02 . 2013-12-03 09:02    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 09:02 . 2013-12-03 09:02    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 09:02 . 2013-12-03 09:02    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-12-03 09:02 . 2013-12-03 09:02    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 09:02 . 2013-12-03 09:02    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-12-03 09:02 . 2013-12-03 09:02    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 09:02 . 2013-12-03 09:02    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-12-03 09:02 . 2013-12-03 09:02    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-12-03 09:02 . 2013-12-03 09:02    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-12-03 09:02 . 2013-12-03 09:02    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-12-03 09:02 . 2013-12-03 09:02    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-12-03 09:02 . 2013-12-03 09:02    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-12-03 09:02 . 2013-12-03 09:02    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-12-03 09:02 . 2013-12-03 09:02    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-12-03 09:02 . 2013-12-03 09:02    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-12-03 09:02 . 2013-12-03 09:02    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-12-03 09:02 . 2013-12-03 09:02    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-12-03 09:02 . 2013-12-03 09:02    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-12-03 09:02 . 2013-12-03 09:02    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-12-03 09:02 . 2013-12-03 09:02    413696    ----a-w-    c:\windows\system32\html.iec
2013-12-03 09:02 . 2013-12-03 09:02    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 09:02 . 2013-12-03 09:02    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-12-03 09:02 . 2013-12-03 09:02    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-12-03 09:02 . 2013-12-03 09:02    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-12-03 09:02 . 2013-12-03 09:02    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-12-03 09:02 . 2013-12-03 09:02    235520    ----a-w-    c:\windows\system32\url.dll
2013-12-03 09:02 . 2013-12-03 09:02    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-12-03 09:02 . 2013-12-03 09:02    147968    ----a-w-    c:\windows\system32\occache.dll
2013-12-03 09:02 . 2013-12-03 09:02    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-12-03 09:02 . 2013-12-03 09:02    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-12-03 09:02 . 2013-12-03 09:02    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-12-03 09:02 . 2013-12-03 09:02    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-12-03 09:02 . 2013-12-03 09:02    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-12-03 09:02 . 2013-12-03 09:02    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-12-03 09:02 . 2013-12-03 09:02    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-27 01:41 . 2014-01-15 05:24    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 05:24    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 05:24    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 05:24    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 05:24    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 05:24    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 05:24    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 05:24    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 05:24    3156480    ----a-w-    c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-11 05:57    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 05:57    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-06 20:48    222832    ----a-w-    c:\users\HEPACart\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-06 20:48    222832    ----a-w-    c:\users\HEPACart\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-06 20:48    222832    ----a-w-    c:\users\HEPACart\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\HEPACart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\HEPACart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\HEPACart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kensington TrackballWorks"="c:\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe" [2012-02-20 504320]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-14 6563608]
"uTorrent"="c:\users\HEPACart\AppData\Roaming\uTorrent\uTorrent.exe" [2014-01-31 904272]
"C045489B34E68F991488A1C4E03142C6A5F43DC8._service_run"="c:\users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
"GoogleChromeAutoLaunch_28FE60F037DB811F5F66C678252E56D1"="c:\users\HEPACart\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"DMXLauncher"="c:\program files (x86)\Roxio\CinePlayer\DMXLauncher.exe" [2007-02-12 109304]
"K3805"="c:\program files (x86)\Alchemy Elixir\control.exe" [2008-06-13 237568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\HEPACart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2014-1-28 1104736]
Karen's Replicator.lnk - c:\program files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe [2010-2-7 1189360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files (x86)\PFU\CardMinder\CardLauncher.exe [2011-5-12 77824]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-5-12 15360]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-5-12 1056768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
R2 2384af53;Network Acceleration;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys;c:\windows\SYSNATIVE\DRIVERS\radpms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 Canon NetSpot Console Server;Canon NetSpot Console;c:\program files (x86)\Canon\nsc\wnappsrv.exe;c:\program files (x86)\Canon\nsc\wnappsrv.exe [x]
S2 Canon NetSpot Web Service;Canon NetSpot Console Web Service;c:\program files (x86)\Canon\nsc\wnwebsrv.exe;c:\program files (x86)\Canon\nsc\wnwebsrv.exe [x]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 tbwkern;Kensington TrackballWorks driver;c:\windows\system32\DRIVERS\tbwkern.sys;c:\windows\SYSNATIVE\DRIVERS\tbwkern.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 20:40    453736    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 08:12]
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 15:54]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 15:54]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3228531912-3426476702-9034872-1000Core.job
- c:\users\HEPACart\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 15:59]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3228531912-3426476702-9034872-1000UA.job
- c:\users\HEPACart\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 15:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-01-18 02:25    1504608    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-01-18 02:25    1504608    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-01-18 02:25    1504608    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 21:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 21:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 21:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 21:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 21:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 21:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-01-27 1229280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://portal.hosted-commerce.net
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
@DACL=(02 0000)
@="Dropbox Autoplay COM Server"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}]
@DACL=(02 0000)
@="DMCComponent"
"AppID"="{3A999A50-AB25-4A20-90A9-08F71FCE320F}"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}]
@DACL=(02 0000)
@="GoToMeeting Outlook COM Addin"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}]
@DACL=(02 0000)
@="DMCComponent"
"AppID"="{98087D89-B93F-4BCF-A998-AE4D9F607C14}"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
@DACL=(02 0000)
@="SyncingOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}]
@DACL=(02 0000)
@="DMCComponent"
"AppID"="{B286F068-5B17-4AE8-989B-8F9A199C47BA}"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
@DACL=(02 0000)
@="ErrorOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}]
@DACL=(02 0000)
@="SkyDriveEx"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
@DACL=(02 0000)
@="UpToDateOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}]
@DACL=(02 0000)
@="SyncFileInformationProvider Class"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-3228531912-3426476702-9034872-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-17  08:25:51
ComboFix-quarantined-files.txt  2014-02-17 14:25
ComboFix2.txt  2014-02-14 18:02
.
Pre-Run: 749,209,763,840 bytes free
Post-Run: 749,032,112,128 bytes free
.
- - End Of File - - 7EF9BB1DDBA5705651BE7C452C2222FD
A36C5E4F47E84449FF07ED3517B43A31
 



#13 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,423 posts
  • Gender:Male
  • Location:USA

Posted 17 February 2014 - 12:04 PM

Hi,
 

Also, where would I go to learn more about the training sites you mentioned?
I have been interested in learning about this for some time now, time to take action!

That sounds great!  You can check out the information about our school at Bleeping Computer here.   :)
 
--------------
 
Don't forget about the logs from AdwCleaner and Junkware Removal Tool and let me know how your system is running.


Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.


If you are satisfied with the help that you have received, please consider a donation.

#14 arelles

arelles
  • Topic Starter

  • Members
  • 42 posts
  • Gender:Male
  • Location:Kansas City

Posted 17 February 2014 - 02:09 PM

COMPLETELY read right past the other two instructions, sorry.  I will run JRT and report back, thanks.

Here is the ADWCleaner report:

 

# AdwCleaner v3.019 - Report created 17/02/2014 at 12:58:08
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : HEPACart - HEPACART-DT
# Running from : C:\Users\HEPACart\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 2384af53

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Network Acceleration

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{2384af53}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\HEPACart\AppData\Roaming\Mozilla\Firefox\Profiles\uxyysaim.default\prefs.js ]

Line Deleted : user_pref("extensions.14aBN349ChL.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.match(/ressbar.com[^f]+fid=65[...]

-\\ Google Chrome v

[ File : C:\Users\HEPACart\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12543 octets] - [23/01/2014 08:15:59]
AdwCleaner[R1].txt - [1244 octets] - [12/02/2014 14:33:20]
AdwCleaner[R2].txt - [1816 octets] - [17/02/2014 12:48:25]
AdwCleaner[S0].txt - [12166 octets] - [23/01/2014 08:27:29]
AdwCleaner[S1].txt - [1755 octets] - [17/02/2014 12:58:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1815 octets] ##########
 



#15 arelles

arelles
  • Topic Starter

  • Members
  • 42 posts
  • Gender:Male
  • Location:Kansas City

Posted 17 February 2014 - 02:30 PM

Man, this thing is tough to get rid of!

JRT report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by HEPACart on Mon 02/17/2014 at 13:11:26.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\HEPACart\AppData\Roaming\mozilla\firefox\profiles\uxyysaim.default\minidumps [3 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/17/2014 at 13:18:11.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
And, I still have the BloCKUTubeAd 3.2 extension.




