Jump to content

PUP.Optional.Babylon.A infection - please help to clean


Recommended Posts

I have the premium edition of Malwarebytes. For weeks Malwarebytes has been identifying this infection and I have been selecting "Ignore Once" 

I noticed that my Chrome browser is often being redirected and Chrome blocks the site as "not Google.com"; I don't know if that's related to Babylon.

Thank you for helping me. (I do not see where to choose "Immediate Email Notification" under Options)

 

Per the instructions I am posting this new topic here and pasting the FRST.txt file below, and attaching the Addition.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Dimitri Villard (administrator) on DIMITRIVILLARD on 06-07-2014 15:41:32
Running from C:\Users\Dimitri Villard\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(WebEx Communications, Inc.) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Spotify Ltd) C:\Users\Dimitri Villard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(ScanBizCards) C:\Program Files (x86)\CardScanSync\CardScanSync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(JME) C:\Program Files (x86)\jmesoft\hotkey.exe
(Lenovo) C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe
(Lenovo) C:\Program Files\Lenovo\HealthCare\HealthCare.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(CardScan, Inc.) C:\Program Files (x86)\CardScan\CardScan\CardScanAgent.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Dimitri Villard\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Lenovo) C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Lenovo) C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Nitro PDF) C:\Program Files (x86)\Nitro\Reader 3\NitroPDFReader.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] => C:\Windows\test.bat
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4081008 2012-07-29] (ESET)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [jmekey] => C:\Program Files (x86)\jmesoft\hotkey.exe [114688 2009-07-16] (JME)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe [163840 2009-09-27] (Lenovo)
HKLM-x32\...\Run: [Healthcare] => C:\Program Files\Lenovo\HealthCare\HealthCare.exe [827392 2009-09-28] (Lenovo)
HKLM-x32\...\Run: [setDefaultSCR] => C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [102400 2009-12-30] (Lenovo)
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [scanSnap WIA Service Checker] => C:\windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [CardScanAgent] => C:\Program Files (x86)\CardScan\CardScan\CardScanAgent.exe [152824 2008-08-27] (CardScan, Inc.)
HKLM-x32\...\Run: [bingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1053192 2014-01-31] (Carbonite, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-4231272693-1600837509-2429716476-1001\...\Run: [GoogleChromeAutoLaunch_EAB773A5E995A146A0D7E06C45FF7018] => C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-4231272693-1600837509-2429716476-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4231272693-1600837509-2429716476-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4231272693-1600837509-2429716476-1001\...\Run: [Google Update] => C:\Users\Dimitri Villard\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-29] (Google Inc.)
HKU\S-1-5-21-4231272693-1600837509-2429716476-1001\...\Run: [spotify Web Helper] => C:\Users\Dimitri Villard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-20] (Spotify Ltd)
HKU\S-1-5-21-4231272693-1600837509-2429716476-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-07-05] (Siber Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardScanSync Service.lnk
ShortcutTarget: CardScanSync Service.lnk -> C:\Windows\Installer\{0EB7A7DA-6A5A-4AE1-B141-305D27188377}\_21469DB4E9CFFD2BED2FCD.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Dimitri Villard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dimitri Villard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dimitri Villard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Dimitri Villard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\MasterWriter 2.0\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.1 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\AnyMeeting Plug-in\npcnwplugin.dll (AnyMeeting, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Dimitri Villard\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Dimitri Villard\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Dimitri Villard\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: tdameritrade.com/thinkorswim - C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default\Extensions\LogMeInClient@logmein.com [2014-06-16]
FF Extension: No Name - C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default\Extensions\staged [2014-07-01]
FF Extension: NoScript - C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-31]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-06-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-06-16]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-07-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-07-29]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-06-10]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-06-10]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-06-10]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-07-30]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-07-29]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-07-30]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86"
CHR Plugin: (Shockwave Flash) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll (Siber Systems Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Dimitri Villard\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Session Manager) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2013-05-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-29]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-03-27]
CHR Extension: (Freemake Video Downloader) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-06-13]
CHR Extension: (Google Search) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-29]
CHR Extension: (Session Buddy) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-05-15]
CHR Extension: (Chromebleed) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-12]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-06-13]
CHR Extension: (Speek Google Calendar Add-On) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekemipommpaihcpnicokfjopgipanaib [2013-04-22]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-02-09]
CHR Extension: (AnyMeeting) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\haclnjenbegodadajbpfgiejpooonhdb [2013-06-27]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-05-26]
CHR Extension: (Freemake Video Converter) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-06-13]
CHR Extension: (Google Wallet) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Free Fax in the US, Canada) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiidojdnglaafokickcabfmfhpkhdcgp [2014-03-27]
CHR Extension: (Evernote Web Clipper) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-01-16]
CHR Extension: (Google Reader) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2012-08-31]
CHR Extension: (Gmail) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-29]
CHR Extension: (RoboForm) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-06-10]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-06-10]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-06-10]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]
CHR StartMenuInternet: Google Chrome - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 atashost; C:\windows\SysWOW64\atashost.exe [43912 2012-08-24] (WebEx Communications, Inc.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6443072 2013-04-18] (Carbonite, Inc.)
R2 CEEBC40A-FDED-4C59-B354-939132350B01; C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [96752 2009-10-12] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe [51016 2014-06-09] (Google Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [913144 2012-03-07] (ESET)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-14] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-05-14] (Ellora Assets Corp.) [File not signed]
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe [49152 2009-09-30] (Lenovo) [File not signed]
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe [81920 2009-11-11] (Lenovo) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-07] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [895696 2009-10-27] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86016 2010-09-13] (PC Pitstop LLC) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209768 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2012-03-14] (ESET)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-07-16] (McAfee, Inc.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-07-29] (Acronis)
S3 vmkbd2; C:\windows\system32\drivers\VMkbd.sys [33496 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 WinI2C-DDC; C:\windows\system32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\windows\SysWOW64\drivers\DDCDrv.sys [16200 2009-03-02] (Nicomsoft Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-06 15:41 - 2014-07-06 15:42 - 00044706 _____ () C:\Users\Dimitri Villard\Desktop\FRST.txt
2014-07-06 15:41 - 2014-07-06 15:41 - 00000000 ____D () C:\FRST
2014-07-06 15:33 - 2014-07-06 15:34 - 02084352 _____ (Farbar) C:\Users\Dimitri Villard\Desktop\FRST64.exe
2014-07-06 15:25 - 2014-06-12 18:23 - 00359128 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe
2014-07-06 15:25 - 2014-06-12 18:23 - 00064728 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmx86.sys
2014-07-06 15:25 - 2014-06-12 18:22 - 00437976 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe
2014-07-06 15:25 - 2014-06-12 18:21 - 00033496 _____ (VMware, Inc.) C:\windows\system32\Drivers\VMkbd.sys
2014-07-06 15:25 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\windows\system32\Drivers\vsock.sys
2014-07-06 15:25 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\windows\system32\vsocklib.dll
2014-07-06 15:25 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\windows\SysWOW64\vsocklib.dll
2014-07-06 15:24 - 2014-06-12 18:22 - 00931032 _____ (VMware, Inc.) C:\windows\system32\vnetlib64.dll
2014-07-06 15:24 - 2014-06-12 18:22 - 00031448 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetuserif.sys
2014-07-06 15:24 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) C:\windows\system32\Drivers\hcmon.sys
2014-07-06 15:23 - 2014-07-06 15:23 - 00002080 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2014-07-06 15:23 - 2014-07-06 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-07-06 15:22 - 2014-07-06 15:22 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-07-05 16:00 - 2014-07-05 16:01 - 88748490 _____ () C:\Users\Dimitri Villard\Downloads\DVDFab v9.156.rar
2014-06-20 22:48 - 2014-07-06 14:37 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 22:48 - 2014-06-20 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 22:48 - 2014-06-20 22:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 22:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-20 22:48 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-19 16:35 - 2014-06-19 16:35 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Local\Adobe
2014-06-18 19:54 - 2014-06-18 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-06-16 10:02 - 2014-06-16 10:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 18:22 - 2014-06-12 18:22 - 00080464 _____ (VMware, Inc.) C:\windows\system32\vmnetbridge.dll
2014-06-12 18:22 - 2014-06-12 18:22 - 00049232 _____ (VMware, Inc.) C:\windows\system32\vnetinst.dll
2014-06-12 18:22 - 2014-06-12 18:22 - 00046160 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetbridge.sys
2014-06-12 18:22 - 2014-06-12 18:22 - 00024656 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnet.sys
2014-06-12 18:22 - 2014-06-12 18:22 - 00020560 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetadapter.sys
2014-06-11 06:22 - 2014-05-30 01:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-11 06:21 - 2014-05-30 03:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-11 06:21 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-11 06:21 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-11 06:21 - 2014-05-30 02:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-11 06:21 - 2014-05-30 02:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-11 06:21 - 2014-05-30 02:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-11 06:21 - 2014-05-30 02:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-11 06:21 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-11 06:21 - 2014-05-30 02:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-11 06:21 - 2014-05-30 02:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-11 06:21 - 2014-05-30 02:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-11 06:21 - 2014-05-30 02:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-11 06:21 - 2014-05-30 02:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-11 06:21 - 2014-05-30 02:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-11 06:21 - 2014-05-30 02:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-11 06:21 - 2014-05-30 02:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-11 06:21 - 2014-05-30 02:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-11 06:21 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-11 06:21 - 2014-05-30 01:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 06:21 - 2014-05-30 01:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-11 06:21 - 2014-05-30 01:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-11 06:21 - 2014-05-30 01:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-11 06:21 - 2014-05-30 01:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-11 06:21 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-11 06:21 - 2014-05-30 01:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-11 06:21 - 2014-05-30 01:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-11 06:21 - 2014-05-30 01:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-11 06:21 - 2014-05-30 01:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-11 06:21 - 2014-05-30 01:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-11 06:21 - 2014-05-30 01:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-11 06:21 - 2014-05-30 01:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-11 06:21 - 2014-05-30 01:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-11 06:21 - 2014-05-30 01:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-11 06:21 - 2014-05-30 01:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-11 06:21 - 2014-05-30 01:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-11 06:21 - 2014-05-30 01:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 06:21 - 2014-05-30 01:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-11 06:21 - 2014-05-30 01:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-11 06:21 - 2014-05-30 01:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-11 06:21 - 2014-05-30 00:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-11 06:21 - 2014-05-30 00:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-11 06:21 - 2014-05-30 00:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-11 06:21 - 2014-05-30 00:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-11 06:21 - 2014-05-30 00:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-11 06:21 - 2014-05-30 00:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-11 06:21 - 2014-05-30 00:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-11 06:21 - 2014-05-30 00:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-11 06:21 - 2014-05-30 00:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-11 06:21 - 2014-05-30 00:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-11 06:21 - 2014-05-30 00:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-11 06:21 - 2014-05-30 00:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-11 06:19 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-11 06:19 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 06:19 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-11 06:19 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-11 06:19 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 06:19 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 06:19 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-11 06:19 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-11 06:19 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-11 06:19 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-11 06:19 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-11 06:19 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-11 06:19 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-11 06:19 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
 
==================== One Month Modified Files and Folders =======
 
2014-07-06 15:42 - 2014-07-06 15:41 - 00044706 _____ () C:\Users\Dimitri Villard\Desktop\FRST.txt
2014-07-06 15:41 - 2014-07-06 15:41 - 00000000 ____D () C:\FRST
2014-07-06 15:35 - 2012-07-29 23:25 - 00000948 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4231272693-1600837509-2429716476-1001UA.job
2014-07-06 15:34 - 2014-07-06 15:33 - 02084352 _____ (Farbar) C:\Users\Dimitri Villard\Desktop\FRST64.exe
2014-07-06 15:28 - 2012-07-29 12:36 - 00003990 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{71CB2D6D-BCC4-4303-B327-25EDCA8574EC}
2014-07-06 15:25 - 2012-08-11 16:31 - 00000000 ____D () C:\ProgramData\VMware
2014-07-06 15:23 - 2014-07-06 15:23 - 00002080 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2014-07-06 15:23 - 2014-07-06 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-07-06 15:23 - 2012-07-29 20:02 - 00803632 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-07-06 15:22 - 2014-07-06 15:22 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-07-06 15:21 - 2013-07-15 00:25 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-06 15:21 - 2013-07-15 00:25 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-06 15:11 - 2014-02-17 11:01 - 00000558 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-4231272693-1600837509-2429716476-1001.job
2014-07-06 15:01 - 2012-10-10 06:12 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-06 15:01 - 2012-08-19 11:08 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\VMware
2014-07-06 15:01 - 2012-08-19 11:08 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Local\VMware
2014-07-06 14:37 - 2014-06-20 22:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 14:32 - 2013-03-06 12:59 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\Nitro PDF
2014-07-06 14:32 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-07-06 09:02 - 2012-07-29 12:13 - 01674868 _____ () C:\windows\WindowsUpdate.log
2014-07-06 06:42 - 2014-05-23 16:46 - 00000000 ____D () C:\ProgramData\PCPitstop
2014-07-06 06:41 - 2013-06-08 22:56 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-05 21:35 - 2012-07-29 23:25 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4231272693-1600837509-2429716476-1001Core.job
2014-07-05 16:30 - 2012-07-30 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-07-05 16:06 - 2012-07-29 14:25 - 00000000 ____D () C:\Users\Dimitri Villard\Documents\Outlook Files
2014-07-05 16:04 - 2012-07-30 06:53 - 00000000 ____D () C:\Program Files (x86)\QuoteTracker
2014-07-05 16:01 - 2014-07-05 16:00 - 88748490 _____ () C:\Users\Dimitri Villard\Downloads\DVDFab v9.156.rar
2014-07-05 16:00 - 2013-11-24 12:03 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Local\2F481989-40D3-415C-B818-FEBB6AC22A65.aplzod
2014-07-05 02:09 - 2014-02-17 11:01 - 00003620 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4231272693-1600837509-2429716476-1001
2014-06-29 06:43 - 2013-04-18 15:50 - 70121984 _____ () C:\Users\Dimitri Villard\Documents\Dimitri Villard Contacts.cdb
2014-06-26 23:11 - 2013-09-17 14:37 - 00000000 ____D () C:\Users\Dimitri Villard\Documents\My Photos
2014-06-26 22:29 - 2012-07-29 14:16 - 00000000 ____D () C:\Users\Dimitri Villard\Documents\My Life
2014-06-25 14:38 - 2009-07-13 21:45 - 00017952 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 14:38 - 2009-07-13 21:45 - 00017952 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 06:42 - 2012-07-31 19:31 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\Dropbox
2014-06-23 06:42 - 2012-07-29 13:57 - 00000000 ___RD () C:\Users\Dimitri Villard\Dropbox
2014-06-23 06:41 - 2014-05-14 16:09 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\DropboxMaster
2014-06-23 06:41 - 2014-01-28 07:32 - 00000964 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-06-23 06:41 - 2014-01-28 07:32 - 00000948 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-06-23 06:41 - 2012-08-06 09:26 - 00037109 _____ () C:\Users\Dimitri Villard\Sti_Trace.log
2014-06-23 06:39 - 2012-11-21 20:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-23 06:39 - 2012-09-03 14:23 - 00000000 _____ () C:\windows\system32\Drivers\lvuvc.hs
2014-06-23 06:39 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-23 06:39 - 2009-07-13 21:51 - 00062717 _____ () C:\windows\setupact.log
2014-06-23 06:38 - 2012-07-29 12:19 - 00794254 _____ () C:\windows\PFRO.log
2014-06-20 22:49 - 2012-08-02 23:56 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\Skype
2014-06-20 22:48 - 2014-06-20 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 22:48 - 2014-06-20 22:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 22:48 - 2013-12-14 15:32 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\Malwarebytes
2014-06-20 22:48 - 2013-12-14 15:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-20 22:48 - 2012-06-28 06:23 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 15:16 - 2013-07-15 00:25 - 00003912 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 15:16 - 2013-07-15 00:25 - 00003660 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 16:35 - 2014-06-19 16:35 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Local\Adobe
2014-06-19 00:52 - 2012-10-10 06:12 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-19 00:52 - 2012-08-30 07:39 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-19 00:52 - 2012-08-30 07:39 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-19 00:44 - 2012-07-29 23:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 19:54 - 2014-06-18 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-06-17 21:30 - 2012-07-29 23:25 - 00003942 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4231272693-1600837509-2429716476-1001UA
2014-06-17 21:30 - 2012-07-29 23:25 - 00003546 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4231272693-1600837509-2429716476-1001Core
2014-06-17 12:19 - 2012-08-05 07:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-16 10:02 - 2014-06-16 10:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 06:06 - 2012-07-29 12:56 - 00000000 ____D () C:\Jts
2014-06-15 23:46 - 2012-07-29 12:16 - 00006127 _____ () C:\windows\system32\Config.MPF
2014-06-12 18:23 - 2014-07-06 15:25 - 00359128 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe
2014-06-12 18:23 - 2014-07-06 15:25 - 00064728 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmx86.sys
2014-06-12 18:22 - 2014-07-06 15:25 - 00437976 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe
2014-06-12 18:22 - 2014-07-06 15:24 - 00931032 _____ (VMware, Inc.) C:\windows\system32\vnetlib64.dll
2014-06-12 18:22 - 2014-07-06 15:24 - 00031448 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetuserif.sys
2014-06-12 18:22 - 2014-06-12 18:22 - 00080464 _____ (VMware, Inc.) C:\windows\system32\vmnetbridge.dll
2014-06-12 18:22 - 2014-06-12 18:22 - 00049232 _____ (VMware, Inc.) C:\windows\system32\vnetinst.dll
2014-06-12 18:22 - 2014-06-12 18:22 - 00046160 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetbridge.sys
2014-06-12 18:22 - 2014-06-12 18:22 - 00024656 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnet.sys
2014-06-12 18:22 - 2014-06-12 18:22 - 00020560 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetadapter.sys
2014-06-12 18:21 - 2014-07-06 15:25 - 00033496 _____ (VMware, Inc.) C:\windows\system32\Drivers\VMkbd.sys
2014-06-11 13:39 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-06-11 11:17 - 2012-08-02 23:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-11 11:17 - 2012-08-02 23:56 - 00000000 ____D () C:\ProgramData\Skype
2014-06-11 10:33 - 2012-07-29 23:26 - 00002424 _____ () C:\Users\Dimitri Villard\Desktop\Google Chrome.lnk
2014-06-11 06:30 - 2013-07-15 09:32 - 00000000 ____D () C:\windows\system32\MRT
2014-06-11 06:27 - 2012-07-29 18:26 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-11 06:26 - 2012-07-29 16:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-10 08:05 - 2012-07-29 14:15 - 00000000 ____D () C:\Users\Dimitri Villard\Documents\My eBooks
2014-06-07 18:06 - 2012-08-05 07:45 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-06-07 18:03 - 2013-06-08 22:56 - 00107368 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
2014-06-07 18:03 - 2013-06-08 22:56 - 00092488 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll
2014-06-07 18:03 - 2013-06-08 22:56 - 00035656 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
 
Files to move or delete:
====================
C:\Users\Dimitri Villard\AppData\Roaming\CamLayout.ini
C:\Users\Dimitri Villard\AppData\Roaming\CamShapes.ini
C:\ProgramData\flashax10.exe
 
 
Some content of TEMP:
====================
C:\Users\Dimitri Villard\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzxjynz.dll
C:\Users\Dimitri Villard\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-28 01:00
 
==================== End Of Log ============================
 
 
 

 

Addition.txt

Link to post
Share on other sites

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 
 
Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also

 

 

 

Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 
 
 
Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

fixlist.txt

Link to post
Share on other sites

Please excuse the delay in reporting the results of these steps. 

FYI the JRT reported a "bad module" and wanted to restart the computer. After the restart, there was no file displayed, just an empty box.

The ESET Online Scan has been running for approx 15 hours and is only 71% finished, because it is also scanning my external drive that Carbonite backs up a mirror image to. I think there may be more than one image on there. So far it has found a total of 15 threats some of which must be duplicates because they are on the mirror image(s). Some of these I am sure relate to a Win32/Packed Themida threat that is just a protective wrapper used by some software I bought to prevent hacking it.

Please note I have the regular paid version of ESET on my computer and always scan the entire drive every week.

I will post the results when the online scan is finished, hopefully latertoday.

One question: since I have the Premium version of Malwarebytes, I note there is an option to Quarantine the Pup.Optional.Babylon,A threat that it finds. What would happen if I just chose that option?

Thanks very much for your kind help!

In the meantime I have copied the fixlog.txt and the adwcleaner txt to this message:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Dimitri Villard at 2014-07-07 18:08:50 Run:1
Running from C:\Users\Dimitri Villard\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\Dimitri Villard\AppData\Roaming\CamLayout.ini
C:\Users\Dimitri Villard\AppData\Roaming\CamShapes.ini
C:\ProgramData\flashax10.exe
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
 
CHR StartupUrls: "hxxp://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86"
*****************
 
C:\Users\Dimitri Villard\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Dimitri Villard\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\ProgramData\flashax10.exe => Moved successfully.
'HKCR\PROTOCOLS\Handler\intu-help-qb7' => Key deleted successfully.
'HKCR\CLSID\{5A03BD9D-766D-47A6-8E87-CD90F60BE245}'=> Key not found.
'HKCR\PROTOCOLS\Handler\qbwc' => Key deleted successfully.
'HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
'HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}'=> Key not found.
CHR StartupUrls: "hxxp://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86" ==> The Chrome "Settings" can be used to fix the entry.
 
==== End of Fixlog ====
 
# AdwCleaner v3.214 - Report created 07/07/2014 at 18:16:05
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dimitri Villard - DIMITRIVILLARD
# Running from : C:\Users\Dimitri Villard\Desktop\adwcleaner_3.214.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Genesis
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Dimitri Villard\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Folder Deleted : C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Folder Deleted : C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\pdfforge@mybrowserbar.com
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\wtxpcom@mybrowserbar.com
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\robotaskbaricon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\robotaskbaricon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\TENCENT
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default\prefs.js ]
 
 
-\\ Google Chrome v20.0.1132.57
 
[ File : C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3032526
Deleted [search Provider] : hxxps://isearch.avg.com/search?cid={25501502-4C11-42A0-8176-C08709E98CC1}&mid=〈=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [startup_urls] : hxxp://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86
Deleted [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
Deleted [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh
Deleted [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
 
*************************
 
AdwCleaner[R0].txt - [3610 octets] - [07/07/2014 18:11:58]
AdwCleaner[s0].txt - [3944 octets] - [07/07/2014 18:16:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4004 octets] ##########
 
Link to post
Share on other sites

When I looked at the screen this morning (LA time) I saw that Malwarebytes had detected it - I thought I had suspended Malwarebytes but maybe after one of the restarts I forgot to suspend it again.

I told the program to "Ignore Once"

we are now 14 hours into the ESET scan with only 74% done. I wonder whether what is being scanned now is redundant since what it's scanning is the G drive which is the Carbonite mirror backup which would be replaced by a new image after changes to the C drive?

Link to post
Share on other sites

Actually the ESET Online scan raced to the finish just now. The Themida ones are relevant to a program I bought and use (WTT, Cyclesengine2) Here is the text file:

 

C:\AdwCleaner\Quarantine\C\ProgramData\Ask\APN-Stub\AD5\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Sandbox\Dimitri_Villard\DefaultBox\user\current\AppData\Local\Temp\BunndleOfferManager.dll a variant of Win32/Bunndle potentially unsafe application
C:\Sandbox\Dimitri_Villard\DefaultBox\user\current\AppData\Local\Temp\Ugtg0gu0.exe.part Win32/Graboid potentially unsafe application
C:\Users\Dimitri Villard\Carbonite Restored OLD User Settings\AppData\Roaming\OpenCandy\OpenCandy_1447F06B17FF4376A7A6DA7BEABF0AC6\LatestDLMgr.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Dimitri Villard\Desktop\spsetup116.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Dimitri Villard\Downloads\Avery Wizard 4.01 - US 20111209.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Dimitri Villard\Downloads\ccsetup320.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Dimitri Villard\Downloads\FreemakeVideoDownloaderSetup.exe Win32/OpenCandy potentially unsafe application
C:\Users\Dimitri Villard\Downloads\PIP267_AVR8_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Dimitri Villard\Downloads\wtt_cycles_setup (1).exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Dimitri Villard\Downloads\wtt_cycles_setup (2).exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Dimitri Villard\Downloads\WTT_Cycles_Setup.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Dimitri Villard\Downloads\Downloads\ftpsetup.exe a variant of Win32/Tool.ServiceRunner potentially unsafe application
C:\WTT\cyclesengine2.dll a variant of Win32/Packed.Themida potentially unwanted application
C:\WTT\MSCVL.ocx a variant of Win32/Packed.Themida potentially unwanted application
Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

I had an issue: I downloaded 2 sets of Windows updates last night, the second required a reboot. On rebooting, the computer could not start and entered into Startup Repair Mode, and suggested using a Restore Point when it was running OK. I selected Yes and after 10 - 15 minutes the computer did restart successfully. The restore point must be after I installed the various programs you instructed me to install previously as they are still on the desktop. Obviously I am concerned that changes were made to the Registry or elsewhere that caused the crash, and now I don't know if the latest Windows updates are installed or not..

Also, as you know I already ran the adwCleaner and JRT programs.

Malwarebytes is still reporting the PUP.

I will await a response before doing anything further.

Link to post
Share on other sites

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download
Malwarebytes Anti-Malware to your desktop. Double-click the downloaded setup file and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

[*]Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Link to post
Share on other sites

As previously reported Malwarebytes Pro was already installed. The log from the latest scan is copied below.

Please note 15 Windows Updates on July 8 failed due to the crash. I am very concerned about this.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/12/2014
Scan Time: 3:00:59 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.12.01
Rootkit Database: v2014.07.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dimitri Villard
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401021
Time Elapsed: 12 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Babylon.A, C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86" ],), ,[0b96128ccbb02115f1cc834931d319e7]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Link to post
Share on other sites

  • 2 weeks later...

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-08-2014

Ran by Dimitri Villard at 2014-08-07 18:06:08 Run:2

Running from C:\Users\Dimitri Villard\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Preferences

*****************

 

C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully.

 

==== End of Fixlog ====

Link to post
Share on other sites

OK, so this is just a remaining of babylon which won´t harm your computer.

Let´s finish the process:

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.