Regent

  1. The problem persists. I was in touch with Babylon. They were unable to fix it either. They said they would be in touch with Malwarebytes on this subject.
  2. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-08-2014
     Ran by Dimitri Villard at 2014-08-07 18:06:08 Run:2
     Running from C:\Users\Dimitri Villard\Desktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Preferences
     *****************
     C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully.
     ==== End of Fixlog ====
  3. As previously reported Malwarebytes Pro was already installed. The log from the latest scan is copied below. Please note 15 Windows Updates on July 8 failed due to the crash. I am very concerned about this.
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 7/12/2014
     Scan Time: 3:00:59 AM
     Logfile:
     Administrator: Yes
     Version: 2.00.2.1012
     Malware Database: v2014.07.12.01
     Rootkit Database: v2014.07.09.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Dimitri Villard
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 401021
     Time Elapsed: 12 min, 19 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Warn
     PUM: Enabled
     Processes: 0
     (No malicious items detected)
     Modules: 0
     (No malicious items detected)
     Registry Keys: 0
     (No malicious items detected)
     Registry Values: 0
     (No malicious items detected)
     Registry Data: 0
     (No malicious items detected)
     Folders: 0
     (No malicious items detected)
     Files: 1
     PUP.Optional.Babylon.A, C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86" ],), ,[0b96128ccbb02115f1cc834931d319e7]
     Physical Sectors: 0
     (No malicious items detected)
     (end)
  4. I had an issue: I downloaded 2 sets of Windows updates last night, the second required a reboot. On rebooting, the computer could not start and entered into Startup Repair Mode, and suggested using a Restore Point when it was running OK. I selected Yes and after 10 - 15 minutes the computer did restart successfully. The restore point must be after I installed the various programs you instructed me to install previously as they are still on the desktop. Obviously I am concerned that changes were made to the Registry or elsewhere that caused the crash, and now I don't know if the latest Windows updates are installed or not. Also, as you know I already ran the AdwCleaner and JRT programs. Malwarebytes is still reporting the PUP. I will await a response before doing anything further.
  5. Actually the ESET Online scan raced to the finish just now. The Themida ones are relevant to a program I bought and use (WTT, Cyclesengine2). Here is the text file:
     C:\AdwCleaner\Quarantine\C\ProgramData\Ask\APN-Stub\AD5\APNIC.dll.vir    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
     C:\Sandbox\Dimitri_Villard\DefaultBox\user\current\AppData\Local\Temp\BunndleOfferManager.dll    a variant of Win32/Bunndle potentially unsafe application
     C:\Sandbox\Dimitri_Villard\DefaultBox\user\current\AppData\Local\Temp\Ugtg0gu0.exe.part    Win32/Graboid potentially unsafe application
     C:\Users\Dimitri Villard\Carbonite Restored OLD User Settings\AppData\Roaming\OpenCandy\OpenCandy_1447F06B17FF4376A7A6DA7BEABF0AC6\LatestDLMgr.exe    a variant of Win32/OpenCandy.A potentially unsafe application
     C:\Users\Dimitri Villard\Desktop\spsetup116.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application
     C:\Users\Dimitri Villard\Downloads\Avery Wizard 4.01 - US 20111209.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
     C:\Users\Dimitri Villard\Downloads\ccsetup320.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application
     C:\Users\Dimitri Villard\Downloads\FreemakeVideoDownloaderSetup.exe    Win32/OpenCandy potentially unsafe application
     C:\Users\Dimitri Villard\Downloads\PIP267_AVR8_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
     C:\Users\Dimitri Villard\Downloads\wtt_cycles_setup (1).exe    a variant of Win32/Packed.Themida potentially unwanted application
     C:\Users\Dimitri Villard\Downloads\wtt_cycles_setup (2).exe    a variant of Win32/Packed.Themida potentially unwanted application
     C:\Users\Dimitri Villard\Downloads\WTT_Cycles_Setup.exe    a variant of Win32/Packed.Themida potentially unwanted application
     C:\Users\Dimitri Villard\Downloads\Downloads\ftpsetup.exe    a variant of Win32/Tool.ServiceRunner potentially unsafe application
     C:\WTT\cyclesengine2.dll    a variant of Win32/Packed.Themida potentially unwanted application
     C:\WTT\MSCVL.ocx    a variant of Win32/Packed.Themida potentially unwanted application
  6. When I looked at the screen this morning (LA time) I saw that Malwarebytes had detected it - I thought I had suspended Malwarebytes but maybe after one of the restarts I forgot to suspend it again. I told the program to "Ignore Once". We are now 14 hours into the ESET scan with only 74% done. I wonder whether what is being scanned now is redundant since what it's scanning is the G drive which is the Carbonite mirror backup which would be replaced by a new image after changes to the C drive?
  7. Please excuse the delay in reporting the results of these steps. FYI the JRT reported a "bad module" and wanted to restart the computer. After the restart, there was no file displayed, just an empty box. The ESET Online Scan has been running for approx 15 hours and is only 71% finished, because it is also scanning my external drive that Carbonite backs up a mirror image to. I think there may be more than one image on there. So far it has found a total of 15 threats some of which must be duplicates because they are on the mirror image(s). Some of these I am sure relate to a Win32/Packed Themida threat that is just a protective wrapper used by some software I bought to prevent hacking it. Please note I have the regular paid version of ESET on my computer and always scan the entire drive every week. I will post the results when the online scan is finished, hopefully later today. One question: since I have the Premium version of Malwarebytes, I note there is an option to Quarantine the PUP.Optional.Babylon.A threat that it finds. What would happen if I just chose that option? Thanks very much for your kind help!
     In the meantime I have copied the fixlog.txt and the adwcleaner txt to this message:
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
     Ran by Dimitri Villard at 2014-07-07 18:08:50 Run:1
     Running from C:\Users\Dimitri Villard\Desktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     C:\Users\Dimitri Villard\AppData\Roaming\CamLayout.ini
     C:\Users\Dimitri Villard\AppData\Roaming\CamShapes.ini
     C:\ProgramData\flashax10.exe
     Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - No File
     Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
     Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
     CHR StartupUrls: "hxxp://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86"
     *****************
     C:\Users\Dimitri Villard\AppData\Roaming\CamLayout.ini => Moved successfully.
     C:\Users\Dimitri Villard\AppData\Roaming\CamShapes.ini => Moved successfully.
     C:\ProgramData\flashax10.exe => Moved successfully.
     'HKCR\PROTOCOLS\Handler\intu-help-qb7' => Key deleted successfully.
     'HKCR\CLSID\{5A03BD9D-766D-47A6-8E87-CD90F60BE245}' => Key not found.
     'HKCR\PROTOCOLS\Handler\qbwc' => Key deleted successfully.
     'HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57}' => Key not found.
     HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
     'HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}' => Key not found.
     CHR StartupUrls: "hxxp://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86" ==> The Chrome "Settings" can be used to fix the entry.
     ==== End of Fixlog ====

     # AdwCleaner v3.214 - Report created 07/07/2014 at 18:16:05
     # Updated 29/06/2014 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Dimitri Villard - DIMITRIVILLARD
     # Running from : C:\Users\Dimitri Villard\Desktop\adwcleaner_3.214.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Genesis
     Folder Deleted : C:\ProgramData\Ask
     Folder Deleted : C:\Program Files (x86)\Application Updater
     Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar
     Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
     Folder Deleted : C:\Users\Dimitri Villard\AppData\LocalLow\pdfforge
     Folder Deleted : C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
     Folder Deleted : C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
     Folder Deleted : C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
     File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\pdfforge@mybrowserbar.com
     File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\wtxpcom@mybrowserbar.com

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
     Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\robotaskbaricon_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\robotaskbaricon_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
     Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
     Key Deleted : HKCU\Software\APN PIP
     Key Deleted : HKCU\Software\PIP
     Key Deleted : HKLM\Software\PIP
     Key Deleted : HKLM\Software\TENCENT

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.17126

     -\\ Mozilla Firefox v30.0 (en-US)

     [ File : C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default\prefs.js ]

     -\\ Google Chrome v20.0.1132.57

     [ File : C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3032526
     Deleted [search Provider] : hxxps://isearch.avg.com/search?cid={25501502-4C11-42A0-8176-C08709E98CC1}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
     Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
     Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
     Deleted [startup_urls] : hxxp://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86
     Deleted [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
     Deleted [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh
     Deleted [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj

     *************************

     AdwCleaner[R0].txt - [3610 octets] - [07/07/2014 18:11:58]
     AdwCleaner[s0].txt - [3944 octets] - [07/07/2014 18:16:05]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4004 octets] ##########
  8. I have the premium edition of Malwarebytes. For weeks Malwarebytes has been identifying this infection and I have been selecting "Ignore Once". I noticed that my Chrome browser is often being redirected and Chrome blocks the site as "not Google.com"; I don't know if that's related to Babylon. Thank you for helping me. (I do not see where to choose "Immediate Email Notification" under Options) Per the instructions I am posting this new topic here and pasting the FRST.txt file below, and attaching the Addition.txt file:
     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
     Ran by Dimitri Villard (administrator) on DIMITRIVILLARD on 06-07-2014 15:41:32
     Running from C:\Users\Dimitri Villard\Desktop
     Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
     Internet Explorer Version 11
     Boot Mode: Normal
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileToolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cabDPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dllHandler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - No FileHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No FileHandler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 10.10.10.1 209.18.47.61 209.18.47.62 FireFox:========FF ProfilePath: C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.defaultFF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()FF Plugin-x32: 
@adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\AnyMeeting Plug-in\npcnwplugin.dll (AnyMeeting, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Dimitri Villard\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Dimitri 
Villard\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Dimitri Villard\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: tdameritrade.com/thinkorswim - C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Extension: LogMeIn, Inc. 
Remote Access Plugin - C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default\Extensions\LogMeInClient@logmein.com [2014-06-16]FF Extension: No Name - C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default\Extensions\staged [2014-07-01]FF Extension: NoScript - C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-31]FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-06-16]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-06-16]FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-07-29]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-07-29]FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.comFF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-06-10]FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.comFF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-06-10]FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files 
(x86)\Freemake\Freemake Video Converter\BrowserPlugin\FirefoxFF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-06-10]FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\FirefoxFF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-07-30]FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-07-29]FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\FirefoxFF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-07-30] Chrome: =======CHR HomePage: hxxp://www.google.com/CHR StartupUrls: "hxxp://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86"CHR Plugin: (Shockwave Flash) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) 
- C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll (Siber Systems Inc.)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll (Cisco WebEx LLC)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Google Update) - C:\Users\Dimitri Villard\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No FileCHR Plugin: (Shockwave Flash) - 
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No FileCHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No FileCHR Extension: (Session Manager) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2013-05-15]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]CHR Extension: (YouTube) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-29]CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-03-27]CHR Extension: (Freemake Video Downloader) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-06-13]CHR Extension: (Google Search) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-29]CHR Extension: (Session Buddy) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-05-15]CHR Extension: (Chromebleed) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-12]CHR Extension: (Freemake Youtube Download Button) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-06-13]CHR Extension: (Speek Google Calendar Add-On) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekemipommpaihcpnicokfjopgipanaib [2013-04-22]CHR Extension: (Chrome Remote Desktop) 
- C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-02-09]CHR Extension: (AnyMeeting) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\haclnjenbegodadajbpfgiejpooonhdb [2013-06-27]CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-05-26]CHR Extension: (Freemake Video Converter) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-06-13]CHR Extension: (Google Wallet) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]CHR Extension: (Free Fax in the US, Canada) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiidojdnglaafokickcabfmfhpkhdcgp [2014-03-27]CHR Extension: (Evernote Web Clipper) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-01-16]CHR Extension: (Google Reader) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2012-08-31]CHR Extension: (Gmail) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-29]CHR Extension: (RoboForm) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-02-20]CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-06-10]CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-06-10]CHR 
HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-06-10]CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]CHR StartMenuInternet: Google Chrome - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 atashost; C:\windows\SysWOW64\atashost.exe [43912 2012-08-24] (WebEx Communications, Inc.)R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6443072 2013-04-18] (Carbonite, Inc.)R2 CEEBC40A-FDED-4C59-B354-939132350B01; C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [96752 2009-10-12] ()R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe [51016 2014-06-09] (Google Inc.)R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [913144 2012-03-07] (ESET)S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-14] (Freemake) [File not signed]R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-05-14] (Ellora Assets Corp.) 
[File not signed]R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe [49152 2009-09-30] (Lenovo) [File not signed]R3 LitModeCtrl; C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe [81920 2009-11-11] (Lenovo) [File not signed]R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-07] (LogMeIn, Inc.)R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-07] (LogMeIn, Inc.)R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [895696 2009-10-27] (McAfee, Inc.)R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86016 2010-09-13] (PC Pitstop LLC) [File not signed]R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-27] (Intuit) [File not signed]S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) 
[File not signed]R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209768 2012-03-14] (ESET)R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-14] (ESET)R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2012-03-14] (ESET)R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)S4 LMIRfsClientNP; No ImagePathR3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-06] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-07-16] (McAfee, Inc.)S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-07-29] (Acronis)S3 vmkbd2; C:\windows\system32\drivers\VMkbd.sys [33496 2014-06-12] (VMware, Inc.)R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)R2 WinI2C-DDC; C:\windows\system32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)R2 WinI2C-DDC; C:\windows\SysWOW64\drivers\DDCDrv.sys [16200 2009-03-02] (Nicomsoft Ltd.)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-06 15:41 - 2014-07-06 15:42 - 00044706 _____ () C:\Users\Dimitri Villard\Desktop\FRST.txt2014-07-06 15:41 - 2014-07-06 15:41 - 
00000000 ____D () C:\FRST2014-07-06 15:33 - 2014-07-06 15:34 - 02084352 _____ (Farbar) C:\Users\Dimitri Villard\Desktop\FRST64.exe2014-07-06 15:25 - 2014-06-12 18:23 - 00359128 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe2014-07-06 15:25 - 2014-06-12 18:23 - 00064728 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmx86.sys2014-07-06 15:25 - 2014-06-12 18:22 - 00437976 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe2014-07-06 15:25 - 2014-06-12 18:21 - 00033496 _____ (VMware, Inc.) C:\windows\system32\Drivers\VMkbd.sys2014-07-06 15:25 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\windows\system32\Drivers\vsock.sys2014-07-06 15:25 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\windows\system32\vsocklib.dll2014-07-06 15:25 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\windows\SysWOW64\vsocklib.dll2014-07-06 15:24 - 2014-06-12 18:22 - 00931032 _____ (VMware, Inc.) C:\windows\system32\vnetlib64.dll2014-07-06 15:24 - 2014-06-12 18:22 - 00031448 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetuserif.sys2014-07-06 15:24 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) 
C:\windows\system32\Drivers\hcmon.sys2014-07-06 15:23 - 2014-07-06 15:23 - 00002080 _____ () C:\Users\Public\Desktop\VMware Player.lnk2014-07-06 15:23 - 2014-07-06 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware2014-07-06 15:22 - 2014-07-06 15:22 - 00000000 ____D () C:\Program Files\Common Files\VMware2014-07-05 16:00 - 2014-07-05 16:01 - 88748490 _____ () C:\Users\Dimitri Villard\Downloads\DVDFab v9.156.rar2014-06-20 22:48 - 2014-07-06 14:37 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-06-20 22:48 - 2014-06-20 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-20 22:48 - 2014-06-20 22:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-20 22:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-06-20 22:48 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-06-19 16:35 - 2014-06-19 16:35 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Local\Adobe2014-06-18 19:54 - 2014-06-18 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote2014-06-16 10:02 - 2014-06-16 10:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-06-12 18:22 - 2014-06-12 18:22 - 00080464 _____ (VMware, Inc.) C:\windows\system32\vmnetbridge.dll2014-06-12 18:22 - 2014-06-12 18:22 - 00049232 _____ (VMware, Inc.) C:\windows\system32\vnetinst.dll2014-06-12 18:22 - 2014-06-12 18:22 - 00046160 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetbridge.sys2014-06-12 18:22 - 2014-06-12 18:22 - 00024656 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnet.sys2014-06-12 18:22 - 2014-06-12 18:22 - 00020560 _____ (VMware, Inc.) 
C:\windows\system32\Drivers\vmnetadapter.sys2014-06-11 06:22 - 2014-05-30 01:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2014-06-11 06:21 - 2014-05-30 03:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-06-11 06:21 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-06-11 06:21 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2014-06-11 06:21 - 2014-05-30 02:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-06-11 06:21 - 2014-05-30 02:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-06-11 06:21 - 2014-05-30 02:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-06-11 06:21 - 2014-05-30 02:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-06-11 06:21 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-06-11 06:21 - 2014-05-30 02:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-06-11 06:21 - 2014-05-30 02:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-06-11 06:21 - 2014-05-30 02:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-06-11 06:21 - 2014-05-30 02:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-06-11 06:21 - 2014-05-30 02:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-06-11 06:21 - 2014-05-30 02:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-06-11 06:21 - 2014-05-30 02:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2014-06-11 06:21 - 2014-05-30 02:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-06-11 06:21 - 2014-05-30 02:06 - 00452096 _____ (Microsoft 
Corporation) C:\windows\system32\dxtmsft.dll2014-06-11 06:21 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-06-11 06:21 - 2014-05-30 01:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-06-11 06:21 - 2014-05-30 01:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-06-11 06:21 - 2014-05-30 01:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-06-11 06:21 - 2014-05-30 01:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2014-06-11 06:21 - 2014-05-30 01:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-06-11 06:21 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-06-11 06:21 - 2014-05-30 01:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-06-11 06:21 - 2014-05-30 01:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-06-11 06:21 - 2014-05-30 01:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-06-11 06:21 - 2014-05-30 01:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-06-11 06:21 - 2014-05-30 01:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2014-06-11 06:21 - 2014-05-30 01:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-06-11 06:21 - 2014-05-30 01:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2014-06-11 06:21 - 2014-05-30 01:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2014-06-11 06:21 - 2014-05-30 01:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2014-06-11 06:21 - 2014-05-30 01:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-06-11 06:21 - 2014-05-30 01:16 - 00368128 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\dxtmsft.dll2014-06-11 06:21 - 2014-05-30 01:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2014-06-11 06:21 - 2014-05-30 01:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-06-11 06:21 - 2014-05-30 01:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-06-11 06:21 - 2014-05-30 01:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-06-11 06:21 - 2014-05-30 00:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-06-11 06:21 - 2014-05-30 00:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-06-11 06:21 - 2014-05-30 00:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-06-11 06:21 - 2014-05-30 00:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2014-06-11 06:21 - 2014-05-30 00:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-06-11 06:21 - 2014-05-30 00:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-06-11 06:21 - 2014-05-30 00:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-06-11 06:21 - 2014-05-30 00:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-06-11 06:21 - 2014-05-30 00:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-06-11 06:21 - 2014-05-30 00:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-06-11 06:21 - 2014-05-30 00:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-06-11 06:21 - 2014-05-30 00:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2014-06-11 06:19 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll2014-06-11 06:19 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) 
C:\windows\system32\RdpGroupPolicyExtension.dll2014-06-11 06:19 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll2014-06-11 06:19 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll2014-06-11 06:19 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys2014-06-11 06:19 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS2014-06-11 06:19 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll2014-06-11 06:19 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2014-06-11 06:19 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll2014-06-11 06:19 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll2014-06-11 06:19 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll2014-06-11 06:19 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2014-06-11 06:19 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll2014-06-11 06:19 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll ==================== One Month Modified Files and Folders ======= 2014-07-06 15:42 - 2014-07-06 15:41 - 00044706 _____ () C:\Users\Dimitri Villard\Desktop\FRST.txt2014-07-06 15:41 - 2014-07-06 15:41 - 00000000 ____D () C:\FRST2014-07-06 15:35 - 2012-07-29 23:25 - 00000948 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4231272693-1600837509-2429716476-1001UA.job2014-07-06 15:34 - 2014-07-06 15:33 - 02084352 _____ (Farbar) C:\Users\Dimitri Villard\Desktop\FRST64.exe2014-07-06 15:28 - 2012-07-29 12:36 - 00003990 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{71CB2D6D-BCC4-4303-B327-25EDCA8574EC}2014-07-06 15:25 - 
2012-08-11 16:31 - 00000000 ____D () C:\ProgramData\VMware2014-07-06 15:23 - 2014-07-06 15:23 - 00002080 _____ () C:\Users\Public\Desktop\VMware Player.lnk2014-07-06 15:23 - 2014-07-06 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware2014-07-06 15:23 - 2012-07-29 20:02 - 00803632 _____ () C:\windows\SysWOW64\PerfStringBackup.INI2014-07-06 15:22 - 2014-07-06 15:22 - 00000000 ____D () C:\Program Files\Common Files\VMware2014-07-06 15:21 - 2013-07-15 00:25 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-06 15:21 - 2013-07-15 00:25 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-06 15:11 - 2014-02-17 11:01 - 00000558 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-4231272693-1600837509-2429716476-1001.job2014-07-06 15:01 - 2012-10-10 06:12 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-07-06 15:01 - 2012-08-19 11:08 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\VMware2014-07-06 15:01 - 2012-08-19 11:08 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Local\VMware2014-07-06 14:37 - 2014-06-20 22:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-07-06 14:32 - 2013-03-06 12:59 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\Nitro PDF2014-07-06 14:32 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\system32\FxsTmp2014-07-06 09:02 - 2012-07-29 12:13 - 01674868 _____ () C:\windows\WindowsUpdate.log2014-07-06 06:42 - 2014-05-23 16:46 - 00000000 ____D () C:\ProgramData\PCPitstop2014-07-06 06:41 - 2013-06-08 22:56 - 00000000 ____D () C:\ProgramData\LogMeIn2014-07-05 21:35 - 2012-07-29 23:25 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4231272693-1600837509-2429716476-1001Core.job2014-07-05 16:30 - 2012-07-30 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm2014-07-05 16:06 - 2012-07-29 14:25 - 00000000 ____D () C:\Users\Dimitri 
Villard\Documents\Outlook Files2014-07-05 16:04 - 2012-07-30 06:53 - 00000000 ____D () C:\Program Files (x86)\QuoteTracker2014-07-05 16:01 - 2014-07-05 16:00 - 88748490 _____ () C:\Users\Dimitri Villard\Downloads\DVDFab v9.156.rar2014-07-05 16:00 - 2013-11-24 12:03 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Local\2F481989-40D3-415C-B818-FEBB6AC22A65.aplzod2014-07-05 02:09 - 2014-02-17 11:01 - 00003620 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4231272693-1600837509-2429716476-10012014-06-29 06:43 - 2013-04-18 15:50 - 70121984 _____ () C:\Users\Dimitri Villard\Documents\Dimitri Villard Contacts.cdb2014-06-26 23:11 - 2013-09-17 14:37 - 00000000 ____D () C:\Users\Dimitri Villard\Documents\My Photos2014-06-26 22:29 - 2012-07-29 14:16 - 00000000 ____D () C:\Users\Dimitri Villard\Documents\My Life2014-06-25 14:38 - 2009-07-13 21:45 - 00017952 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-06-25 14:38 - 2009-07-13 21:45 - 00017952 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-06-23 06:42 - 2012-07-31 19:31 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\Dropbox2014-06-23 06:42 - 2012-07-29 13:57 - 00000000 ___RD () C:\Users\Dimitri Villard\Dropbox2014-06-23 06:41 - 2014-05-14 16:09 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\DropboxMaster2014-06-23 06:41 - 2014-01-28 07:32 - 00000964 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk2014-06-23 06:41 - 2014-01-28 07:32 - 00000948 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk2014-06-23 06:41 - 2012-08-06 09:26 - 00037109 _____ () C:\Users\Dimitri Villard\Sti_Trace.log2014-06-23 06:39 - 2012-11-21 20:30 - 00000000 ____D () C:\ProgramData\NVIDIA2014-06-23 06:39 - 2012-09-03 14:23 - 00000000 _____ () C:\windows\system32\Drivers\lvuvc.hs2014-06-23 06:39 - 2009-07-13 22:08 - 
00000006 ____H () C:\windows\Tasks\SA.DAT2014-06-23 06:39 - 2009-07-13 21:51 - 00062717 _____ () C:\windows\setupact.log2014-06-23 06:38 - 2012-07-29 12:19 - 00794254 _____ () C:\windows\PFRO.log2014-06-20 22:49 - 2012-08-02 23:56 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\Skype2014-06-20 22:48 - 2014-06-20 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-20 22:48 - 2014-06-20 22:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-20 22:48 - 2013-12-14 15:32 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\Malwarebytes2014-06-20 22:48 - 2013-12-14 15:32 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-06-20 22:48 - 2012-06-28 06:23 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-20 15:16 - 2013-07-15 00:25 - 00003912 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-06-20 15:16 - 2013-07-15 00:25 - 00003660 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-06-19 16:35 - 2014-06-19 16:35 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Local\Adobe2014-06-19 00:52 - 2012-10-10 06:12 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2014-06-19 00:52 - 2012-08-30 07:39 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-06-19 00:52 - 2012-08-30 07:39 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-06-19 00:44 - 2012-07-29 23:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-06-18 19:54 - 2014-06-18 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote2014-06-17 21:30 - 2012-07-29 23:25 - 00003942 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4231272693-1600837509-2429716476-1001UA2014-06-17 21:30 - 2012-07-29 23:25 - 00003546 _____ () 
C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4231272693-1600837509-2429716476-1001Core2014-06-17 12:19 - 2012-08-05 07:39 - 00000000 ____D () C:\Program Files (x86)\Google2014-06-16 10:02 - 2014-06-16 10:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-06-16 06:06 - 2012-07-29 12:56 - 00000000 ____D () C:\Jts2014-06-15 23:46 - 2012-07-29 12:16 - 00006127 _____ () C:\windows\system32\Config.MPF2014-06-12 18:23 - 2014-07-06 15:25 - 00359128 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe2014-06-12 18:23 - 2014-07-06 15:25 - 00064728 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmx86.sys2014-06-12 18:22 - 2014-07-06 15:25 - 00437976 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe2014-06-12 18:22 - 2014-07-06 15:24 - 00931032 _____ (VMware, Inc.) C:\windows\system32\vnetlib64.dll2014-06-12 18:22 - 2014-07-06 15:24 - 00031448 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetuserif.sys2014-06-12 18:22 - 2014-06-12 18:22 - 00080464 _____ (VMware, Inc.) C:\windows\system32\vmnetbridge.dll2014-06-12 18:22 - 2014-06-12 18:22 - 00049232 _____ (VMware, Inc.) C:\windows\system32\vnetinst.dll2014-06-12 18:22 - 2014-06-12 18:22 - 00046160 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetbridge.sys2014-06-12 18:22 - 2014-06-12 18:22 - 00024656 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnet.sys2014-06-12 18:22 - 2014-06-12 18:22 - 00020560 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetadapter.sys2014-06-12 18:21 - 2014-07-06 15:25 - 00033496 _____ (VMware, Inc.) 
C:\windows\system32\Drivers\VMkbd.sys2014-06-11 13:39 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache2014-06-11 11:17 - 2012-08-02 23:56 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-06-11 11:17 - 2012-08-02 23:56 - 00000000 ____D () C:\ProgramData\Skype2014-06-11 10:33 - 2012-07-29 23:26 - 00002424 _____ () C:\Users\Dimitri Villard\Desktop\Google Chrome.lnk2014-06-11 06:30 - 2013-07-15 09:32 - 00000000 ____D () C:\windows\system32\MRT2014-06-11 06:27 - 2012-07-29 18:26 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-06-11 06:26 - 2012-07-29 16:34 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-06-10 08:05 - 2012-07-29 14:15 - 00000000 ____D () C:\Users\Dimitri Villard\Documents\My eBooks2014-06-07 18:06 - 2012-08-05 07:45 - 00000000 ____D () C:\Program Files (x86)\LogMeIn2014-06-07 18:03 - 2013-06-08 22:56 - 00107368 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll2014-06-07 18:03 - 2013-06-08 22:56 - 00092488 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll2014-06-07 18:03 - 2013-06-08 22:56 - 00035656 _____ (LogMeIn, Inc.) 
C:\windows\system32\LMIport.dll Files to move or delete:====================C:\Users\Dimitri Villard\AppData\Roaming\CamLayout.iniC:\Users\Dimitri Villard\AppData\Roaming\CamShapes.iniC:\ProgramData\flashax10.exe Some content of TEMP:====================C:\Users\Dimitri Villard\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzxjynz.dllC:\Users\Dimitri Villard\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-28 01:00 ==================== End Of Log ============================ Addition.txt
  9. Malwarebytes shows this Trojan. Please help me clean it out of my computer. Thanks!