reluctantadmin

Everything posted by reluctantadmin

  1. Hi Kevin,

     1. malware log:
     2. AdwCleaner log:
     3. JRT.txt:

     Thanks for all of your help!
  2. Thanks so much for explaining about Farbar! Attached is the Addition.txt and here is the FRST.txt:
====> ZeroAccess?Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PC Backup Status.lnkShortcutTarget: PC Backup Status.lnk -> C:\Program Files\PC Backup\imonlinestat.exe (PC Backup)Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DealFinder.lnkShortcutTarget: DealFinder.lnk -> C:\Program Files (x86)\AA\DealFinder\DealFinder\DealFinder.exe ()Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: imonline -> {7186e471-536f-742f-7e26-d15581f2c8b8} => C:\Program Files\PC Backup\imonlineshell.dll (PC Backup)ShellIconOverlayIdentifiers: imonline2 -> {d7c5ac9b-e62a-51be-1aee-547514ed73d8} => C:\Program Files\PC Backup\imonlineshell.dll (PC Backup)ShellIconOverlayIdentifiers: imonline3 -> {d7ceef6f-961f-eea7-0a91-d64580e0517b} => C:\Program Files\PC Backup\imonlineshell.dll (PC Backup)ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled.ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/URLSearchHook: HKCU - Default Value = 
{6f52f077-2dbf-f864-8da7-73cc1a21005a}URLSearchHook: HKCU - FCToolbarURLSearchHook Class - {6f52f077-2dbf-f864-8da7-73cc1a21005a} - C:\Program Files (x86)\Upromise RewardU Toolbar\Helper.dll ()SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFSearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFSearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKLM - {FC9FA277-ECDA-42EA-B54A-BB6512172A89} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFSearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFSearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKLM-x32 - {FC9FA277-ECDA-42EA-B54A-BB6512172A89} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_def&mntrId=78ED02704ECD0701&affID=10588&tl=gkn10811&tsp=5312SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFSearchScopes: HKCU - {5240BF41-6440-424F-8EBF-83FE0E876DC5} URL = http://www.search.ask.com/web?tpid=ORJ-V7-SAT&o=APN11461&pf=V7&p2=%5EBE7%5EOSJ000%5EYY%5EMX&gct=&itbv=12.10.6.53&apn_uid=3057BFAB-5852-442C-B3E9-682F99D93815&apn_ptnrs=BE7&apn_dtid=%5EOSJ000%5EYY%5EMX&apn_dbr=ie_11.0.9600.17041&doi=2014-05-02&trgb=IE&q={searchTerms}&psv=SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFSearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKCU - {FC9FA277-ECDA-42EA-B54A-BB6512172A89} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: HP Network Check Helper -> 
{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No FileBHO-x32: Upromise RewardU Toolbar BHO -> {2E1946E4-D51E-6074-C16F-ED7E0D98A8E4} -> C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll ()BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Bobsled by T-Mobile -> {C8748F11-F4AD-47AF-AB50-C7DF5792096B} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)BHO-x32: buenosearch Helper Object -> {F1C81E40-2485-4DB6-8C9D-04BD596B281E} -> C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll No FileToolbar: HKLM-x32 - Upromise RewardU Toolbar - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - 
C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll ()Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll No FileToolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileToolbar: HKCU - No Name - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - No FileDPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cabDPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc1.cabHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 202.134.64.20 8.8.8.8Tcpip\..\Interfaces\{2628DE12-C1F5-43D7-9242-4B753E7279A8}: [NameServer]10.177.0.34 10.168.187.116Tcpip\..\Interfaces\{9A0BA68B-1686-4DEA-8672-4FCFAA482606}: [NameServer]10.177.0.34 10.168.187.116Tcpip\..\Interfaces\{E65F2D84-4D26-4B93-AFDE-01E7BCC6A8C4}: [NameServer]10.177.0.34 10.168.187.116 FireFox:========FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: 
@Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No FileFF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent 
Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\David\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\cgpcfg.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\CgpCore.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\confmgr.dll ()FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\ctxlogging.dll ()FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\ctxmui.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\icafile.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\icalogon.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\msvcm80.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\msvcp80.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\msvcr80.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npicaN.dll ()FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\sslsdk_b.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\TcpPServ.dll (Citrix Systems, Inc.)FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - 
C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-26]FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.comFF Extension: Babylon Translation Activation - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com [2014-07-17]FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird Chrome: =======CHR HomePage: hxxp://www.buenosearch.com/?babsrc=HP_def&mntrId=78ED02704ECD0701&affID=10588&tl=gkn10811&tsp=5312CHR StartupUrls: "hxxp://www.buenosearch.com/?babsrc=HP_def&mntrId=78ED02704ECD0701&affID=10588&tl=gkn10811&tsp=5312"CHR DefaultSearchKeyword: buenosearch.comCHR DefaultSearchProvider: Bueno SearchCHR DefaultSearchURL: http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_def&mntrId=78ED02704ECD0701&affID=10588&tl=gkn10811&tsp=5312CHR DefaultNewTabURL: CHR Extension: (Website Logon) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2012-07-10]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]CHR Extension: (Skype Click to Call) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-20]CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]CHR HKLM-x32\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx [2011-02-11]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx 
[2014-01-03] ==================== Services (Whitelisted) ================= R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed]R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)S3 CATmobile; C:\Program Files (x86)\T-Mobile\webConnect Manager\conappssvc.exe [118784 2010-12-22] (SmithMicro Inc.) [File not signed]R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [33280 2014-06-20] (Digital Market Research Apps Pty Ltd) [File not signed]R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-04] (Realsil Microelectronics Inc.) [File not signed]R2 imonlinebackup; C:\Program Files\PC Backup\imonlinebackup.exe [47952 2014-01-17] (PC Backup)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-11-05] (Apple Inc.) 
[File not signed]R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1286656 2013-11-05] (Research In Motion Limited) [File not signed]S3 TMobileRcAppSvc; C:\Program Files (x86)\T-Mobile\webConnect Manager\RcAppSvc.exe [114688 2010-12-22] (SmithMicro Inc.) [File not signed]R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2014-06-20] (Digital Market Research Apps Pty Ltd) [File not signed]R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed]S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X] ==================== Drivers (Whitelisted) ==================== R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)R1 imonlineFilter; C:\Windows\System32\DRIVERS\imonline.sys [67808 2014-01-17] (Mozy, Inc.)S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-12-22] (Smith Micro Inc.)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-08-15] (Research in Motion Limited)R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-15] (Anchorfree Inc.)R3 tmobile_mf691_dc_enum; C:\Windows\System32\DRIVERS\tmobile_mf691_dc_enum.sys [75776 2010-04-09] (T-Mobile)S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) 
[File not signed]S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-19 19:05 - 2014-07-19 19:06 - 00000000 ____D () C:\FRST2014-07-18 00:34 - 2014-07-18 00:42 - 00000000 ____D () C:\Users\David\AppData\Roaming\SYSTRAN2014-07-18 00:34 - 2014-07-18 00:42 - 00000000 ____D () C:\Users\David\AppData\Local\SYSTRAN2014-07-18 00:32 - 2014-07-19 18:55 - 00000000 ____D () C:\ProgramData\SYSTRAN2014-07-18 00:27 - 2014-07-19 10:20 - 00000000 ____D () C:\Users\David\Downloads\desktop-enes2014-07-17 23:37 - 2014-07-18 00:27 - 398555240 _____ () C:\Users\David\Downloads\systran_windows_x86_desktop-enes.exe2014-07-17 23:37 - 2014-07-17 23:37 - 00000000 ____D () C:\Users\David\AppData\Local\Nexway2014-07-17 23:24 - 2014-07-19 10:34 - 00000000 ____D () C:\Users\David\AppData\Roaming\Babylon2014-07-17 23:24 - 2014-07-17 23:26 - 00000000 ____D () C:\Users\David\AppData\Local\Babylon2014-07-17 23:24 - 2014-07-17 23:24 - 00000000 ____D () C:\Users\David\AppData\Roaming\Acapela Group2014-07-17 23:23 - 2014-07-19 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon2014-07-17 23:23 - 2014-07-17 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-07-17 12:49 - 2014-07-19 11:19 - 00000000 ____D () C:\ProgramData\Babylon2014-07-17 12:49 - 2014-07-19 06:04 - 00000000 ____D () C:\Program Files\Babylon2014-07-17 12:49 - 2014-07-17 23:23 - 00000000 ____D () C:\Program Files (x86)\Babylon2014-07-17 12:46 - 2014-07-17 12:46 - 00003274 _____ () C:\Windows\System32\Tasks\{AA392FD5-DBDE-4C39-B615-6F909FD86546}2014-07-17 12:30 - 2014-07-19 06:04 - 00000000 ____D () C:\Users\David\AppData\Local\iWesoft2014-07-17 12:28 - 
2014-07-19 06:04 - 00000000 ____D () C:\Program Files (x86)\Google Translate Tool2014-07-17 11:22 - 2014-07-17 11:23 - 00000000 ____D () C:\Users\David\Desktop\Visiting Hours Initiative2014-07-11 09:11 - 2014-07-14 22:32 - 02549248 _____ () C:\Users\David\Desktop\Plan Director de La Red Almenara de EsSalud.ppt2014-07-09 15:02 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-09 15:02 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-09 15:02 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-07-09 15:02 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-07-09 15:02 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-09 15:02 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-09 15:02 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-07-09 15:02 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-07-09 15:02 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-07-09 15:02 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-07-09 15:02 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-07-09 15:02 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-07-09 15:02 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-07-09 15:02 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-07-09 15:02 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-07-09 15:02 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msv1_0.dll2014-07-09 15:02 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-07-09 15:02 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-07-09 15:02 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-07-09 15:02 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-07-09 15:02 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-07-09 15:02 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-07-09 15:01 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-07-09 15:01 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-07-09 15:01 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-07-09 15:01 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-07-09 15:01 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-07-09 15:01 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-07-09 15:01 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-07-09 15:01 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-07-09 15:01 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-07-09 15:01 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-07-09 15:01 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-07-09 15:01 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) 
==================== End Of Log ============================

Addition.txt
  3. Babylon was installed and now buenosearch has taken over. Followed the most widely recommended uninstall instructions (for Windows 7): 1. Exited Babylon in the Windows tray (worked). 2. Went to Uninstall using Control Panel – but it does not respond. It goes around in a circle like it might be initiating and then stops. Can’t open Malware at all; it will not respond. When I open Chrome or IE, it goes to buenosearch. I do have ESET security on the computer. Thanks!