PUP.Optional.Babylon.A infection - please help to clean


I have the premium edition of Malwarebytes. For weeks Malwarebytes has been identifying this infection and I have been selecting "Ignore Once".

I noticed that my Chrome browser is often being redirected and Chrome blocks the site as "not Google.com"; I don't know if that's related to Babylon.

Thank you for helping me. (I do not see where to choose "Immediate Email Notification" under Options)

 

Per the instructions I am posting this new topic here and pasting the FRST.txt file below, and attaching the Addition.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Dimitri Villard (administrator) on DIMITRIVILLARD on 06-07-2014 15:41:32
Running from C:\Users\Dimitri Villard\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(WebEx Communications, Inc.) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Spotify Ltd) C:\Users\Dimitri Villard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(ScanBizCards) C:\Program Files (x86)\CardScanSync\CardScanSync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(JME) C:\Program Files (x86)\jmesoft\hotkey.exe
(Lenovo) C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe
(Lenovo) C:\Program Files\Lenovo\HealthCare\HealthCare.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(CardScan, Inc.) C:\Program Files (x86)\CardScan\CardScan\CardScanAgent.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Dimitri Villard\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Lenovo) C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Lenovo) C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Nitro PDF) C:\Program Files (x86)\Nitro\Reader 3\NitroPDFReader.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] => C:\Windows\test.bat
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4081008 2012-07-29] (ESET)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [jmekey] => C:\Program Files (x86)\jmesoft\hotkey.exe [114688 2009-07-16] (JME)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe [163840 2009-09-27] (Lenovo)
HKLM-x32\...\Run: [Healthcare] => C:\Program Files\Lenovo\HealthCare\HealthCare.exe [827392 2009-09-28] (Lenovo)
HKLM-x32\...\Run: [setDefaultSCR] => C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [102400 2009-12-30] (Lenovo)
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [scanSnap WIA Service Checker] => C:\windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [CardScanAgent] => C:\Program Files (x86)\CardScan\CardScan\CardScanAgent.exe [152824 2008-08-27] (CardScan, Inc.)
HKLM-x32\...\Run: [bingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1053192 2014-01-31] (Carbonite, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-4231272693-1600837509-2429716476-1001\...\Run: [GoogleChromeAutoLaunch_EAB773A5E995A146A0D7E06C45FF7018] => C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-4231272693-1600837509-2429716476-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4231272693-1600837509-2429716476-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4231272693-1600837509-2429716476-1001\...\Run: [Google Update] => C:\Users\Dimitri Villard\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-29] (Google Inc.)
HKU\S-1-5-21-4231272693-1600837509-2429716476-1001\...\Run: [spotify Web Helper] => C:\Users\Dimitri Villard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-20] (Spotify Ltd)
HKU\S-1-5-21-4231272693-1600837509-2429716476-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-07-05] (Siber Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardScanSync Service.lnk
ShortcutTarget: CardScanSync Service.lnk -> C:\Windows\Installer\{0EB7A7DA-6A5A-4AE1-B141-305D27188377}\_21469DB4E9CFFD2BED2FCD.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Dimitri Villard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dimitri Villard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dimitri Villard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Dimitri Villard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\MasterWriter 2.0\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.1 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\AnyMeeting Plug-in\npcnwplugin.dll (AnyMeeting, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Dimitri Villard\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Dimitri Villard\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Dimitri Villard\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: tdameritrade.com/thinkorswim - C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default\Extensions\LogMeInClient@logmein.com [2014-06-16]
FF Extension: No Name - C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default\Extensions\staged [2014-07-01]
FF Extension: NoScript - C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-31]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-06-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-06-16]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-07-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-07-29]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-06-10]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-06-10]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-06-10]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-07-30]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-07-29]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-07-30]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86"
CHR Plugin: (Shockwave Flash) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll (Siber Systems Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Dimitri Villard\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Session Manager) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2013-05-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-29]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-03-27]
CHR Extension: (Freemake Video Downloader) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-06-13]
CHR Extension: (Google Search) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-29]
CHR Extension: (Session Buddy) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-05-15]
CHR Extension: (Chromebleed) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-12]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-06-13]
CHR Extension: (Speek Google Calendar Add-On) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekemipommpaihcpnicokfjopgipanaib [2013-04-22]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-02-09]
CHR Extension: (AnyMeeting) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\haclnjenbegodadajbpfgiejpooonhdb [2013-06-27]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-05-26]
CHR Extension: (Freemake Video Converter) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-06-13]
CHR Extension: (Google Wallet) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Free Fax in the US, Canada) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiidojdnglaafokickcabfmfhpkhdcgp [2014-03-27]
CHR Extension: (Evernote Web Clipper) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-01-16]
CHR Extension: (Google Reader) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2012-08-31]
CHR Extension: (Gmail) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-29]
CHR Extension: (RoboForm) - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-06-10]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-06-10]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-06-10]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]
CHR StartMenuInternet: Google Chrome - C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 atashost; C:\windows\SysWOW64\atashost.exe [43912 2012-08-24] (WebEx Communications, Inc.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6443072 2013-04-18] (Carbonite, Inc.)
R2 CEEBC40A-FDED-4C59-B354-939132350B01; C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [96752 2009-10-12] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe [51016 2014-06-09] (Google Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [913144 2012-03-07] (ESET)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-14] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-05-14] (Ellora Assets Corp.) [File not signed]
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe [49152 2009-09-30] (Lenovo) [File not signed]
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe [81920 2009-11-11] (Lenovo) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-07] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [895696 2009-10-27] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86016 2010-09-13] (PC Pitstop LLC) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209768 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2012-03-14] (ESET)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-07-16] (McAfee, Inc.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-07-29] (Acronis)
S3 vmkbd2; C:\windows\system32\drivers\VMkbd.sys [33496 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 WinI2C-DDC; C:\windows\system32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\windows\SysWOW64\drivers\DDCDrv.sys [16200 2009-03-02] (Nicomsoft Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-06 15:41 - 2014-07-06 15:42 - 00044706 _____ () C:\Users\Dimitri Villard\Desktop\FRST.txt
2014-07-06 15:41 - 2014-07-06 15:41 - 00000000 ____D () C:\FRST
2014-07-06 15:33 - 2014-07-06 15:34 - 02084352 _____ (Farbar) C:\Users\Dimitri Villard\Desktop\FRST64.exe
2014-07-06 15:25 - 2014-06-12 18:23 - 00359128 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe
2014-07-06 15:25 - 2014-06-12 18:23 - 00064728 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmx86.sys
2014-07-06 15:25 - 2014-06-12 18:22 - 00437976 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe
2014-07-06 15:25 - 2014-06-12 18:21 - 00033496 _____ (VMware, Inc.) C:\windows\system32\Drivers\VMkbd.sys
2014-07-06 15:25 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\windows\system32\Drivers\vsock.sys
2014-07-06 15:25 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\windows\system32\vsocklib.dll
2014-07-06 15:25 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\windows\SysWOW64\vsocklib.dll
2014-07-06 15:24 - 2014-06-12 18:22 - 00931032 _____ (VMware, Inc.) C:\windows\system32\vnetlib64.dll
2014-07-06 15:24 - 2014-06-12 18:22 - 00031448 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetuserif.sys
2014-07-06 15:24 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) C:\windows\system32\Drivers\hcmon.sys
2014-07-06 15:23 - 2014-07-06 15:23 - 00002080 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2014-07-06 15:23 - 2014-07-06 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-07-06 15:22 - 2014-07-06 15:22 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-07-05 16:00 - 2014-07-05 16:01 - 88748490 _____ () C:\Users\Dimitri Villard\Downloads\DVDFab v9.156.rar
2014-06-20 22:48 - 2014-07-06 14:37 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 22:48 - 2014-06-20 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 22:48 - 2014-06-20 22:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 22:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-20 22:48 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-19 16:35 - 2014-06-19 16:35 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Local\Adobe
2014-06-18 19:54 - 2014-06-18 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-06-16 10:02 - 2014-06-16 10:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 18:22 - 2014-06-12 18:22 - 00080464 _____ (VMware, Inc.) C:\windows\system32\vmnetbridge.dll
2014-06-12 18:22 - 2014-06-12 18:22 - 00049232 _____ (VMware, Inc.) C:\windows\system32\vnetinst.dll
2014-06-12 18:22 - 2014-06-12 18:22 - 00046160 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetbridge.sys
2014-06-12 18:22 - 2014-06-12 18:22 - 00024656 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnet.sys
2014-06-12 18:22 - 2014-06-12 18:22 - 00020560 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetadapter.sys
2014-06-11 06:22 - 2014-05-30 01:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-11 06:21 - 2014-05-30 03:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-11 06:21 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-11 06:21 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-11 06:21 - 2014-05-30 02:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-11 06:21 - 2014-05-30 02:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-11 06:21 - 2014-05-30 02:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-11 06:21 - 2014-05-30 02:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-11 06:21 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-11 06:21 - 2014-05-30 02:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-11 06:21 - 2014-05-30 02:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-11 06:21 - 2014-05-30 02:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-11 06:21 - 2014-05-30 02:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-11 06:21 - 2014-05-30 02:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-11 06:21 - 2014-05-30 02:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-11 06:21 - 2014-05-30 02:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-11 06:21 - 2014-05-30 02:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-11 06:21 - 2014-05-30 02:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-11 06:21 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-11 06:21 - 2014-05-30 01:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 06:21 - 2014-05-30 01:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-11 06:21 - 2014-05-30 01:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-11 06:21 - 2014-05-30 01:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-11 06:21 - 2014-05-30 01:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-11 06:21 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-11 06:21 - 2014-05-30 01:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-11 06:21 - 2014-05-30 01:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-11 06:21 - 2014-05-30 01:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-11 06:21 - 2014-05-30 01:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-11 06:21 - 2014-05-30 01:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-11 06:21 - 2014-05-30 01:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-11 06:21 - 2014-05-30 01:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-11 06:21 - 2014-05-30 01:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-11 06:21 - 2014-05-30 01:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-11 06:21 - 2014-05-30 01:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-11 06:21 - 2014-05-30 01:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-11 06:21 - 2014-05-30 01:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 06:21 - 2014-05-30 01:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-11 06:21 - 2014-05-30 01:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-11 06:21 - 2014-05-30 01:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-11 06:21 - 2014-05-30 00:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-11 06:21 - 2014-05-30 00:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-11 06:21 - 2014-05-30 00:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-11 06:21 - 2014-05-30 00:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-11 06:21 - 2014-05-30 00:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-11 06:21 - 2014-05-30 00:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-11 06:21 - 2014-05-30 00:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-11 06:21 - 2014-05-30 00:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-11 06:21 - 2014-05-30 00:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-11 06:21 - 2014-05-30 00:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-11 06:21 - 2014-05-30 00:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-11 06:21 - 2014-05-30 00:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-11 06:19 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-11 06:19 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 06:19 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-11 06:19 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-11 06:19 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 06:19 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 06:19 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-11 06:19 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-11 06:19 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-11 06:19 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-11 06:19 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-11 06:19 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-11 06:19 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-11 06:19 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
 
==================== One Month Modified Files and Folders =======
 
2014-07-06 15:42 - 2014-07-06 15:41 - 00044706 _____ () C:\Users\Dimitri Villard\Desktop\FRST.txt
2014-07-06 15:41 - 2014-07-06 15:41 - 00000000 ____D () C:\FRST
2014-07-06 15:35 - 2012-07-29 23:25 - 00000948 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4231272693-1600837509-2429716476-1001UA.job
2014-07-06 15:34 - 2014-07-06 15:33 - 02084352 _____ (Farbar) C:\Users\Dimitri Villard\Desktop\FRST64.exe
2014-07-06 15:28 - 2012-07-29 12:36 - 00003990 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{71CB2D6D-BCC4-4303-B327-25EDCA8574EC}
2014-07-06 15:25 - 2012-08-11 16:31 - 00000000 ____D () C:\ProgramData\VMware
2014-07-06 15:23 - 2014-07-06 15:23 - 00002080 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2014-07-06 15:23 - 2014-07-06 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-07-06 15:23 - 2012-07-29 20:02 - 00803632 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-07-06 15:22 - 2014-07-06 15:22 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-07-06 15:21 - 2013-07-15 00:25 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-06 15:21 - 2013-07-15 00:25 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-06 15:11 - 2014-02-17 11:01 - 00000558 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-4231272693-1600837509-2429716476-1001.job
2014-07-06 15:01 - 2012-10-10 06:12 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-06 15:01 - 2012-08-19 11:08 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\VMware
2014-07-06 15:01 - 2012-08-19 11:08 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Local\VMware
2014-07-06 14:37 - 2014-06-20 22:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 14:32 - 2013-03-06 12:59 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\Nitro PDF
2014-07-06 14:32 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-07-06 09:02 - 2012-07-29 12:13 - 01674868 _____ () C:\windows\WindowsUpdate.log
2014-07-06 06:42 - 2014-05-23 16:46 - 00000000 ____D () C:\ProgramData\PCPitstop
2014-07-06 06:41 - 2013-06-08 22:56 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-05 21:35 - 2012-07-29 23:25 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4231272693-1600837509-2429716476-1001Core.job
2014-07-05 16:30 - 2012-07-30 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-07-05 16:06 - 2012-07-29 14:25 - 00000000 ____D () C:\Users\Dimitri Villard\Documents\Outlook Files
2014-07-05 16:04 - 2012-07-30 06:53 - 00000000 ____D () C:\Program Files (x86)\QuoteTracker
2014-07-05 16:01 - 2014-07-05 16:00 - 88748490 _____ () C:\Users\Dimitri Villard\Downloads\DVDFab v9.156.rar
2014-07-05 16:00 - 2013-11-24 12:03 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Local\2F481989-40D3-415C-B818-FEBB6AC22A65.aplzod
2014-07-05 02:09 - 2014-02-17 11:01 - 00003620 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4231272693-1600837509-2429716476-1001
2014-06-29 06:43 - 2013-04-18 15:50 - 70121984 _____ () C:\Users\Dimitri Villard\Documents\Dimitri Villard Contacts.cdb
2014-06-26 23:11 - 2013-09-17 14:37 - 00000000 ____D () C:\Users\Dimitri Villard\Documents\My Photos
2014-06-26 22:29 - 2012-07-29 14:16 - 00000000 ____D () C:\Users\Dimitri Villard\Documents\My Life
2014-06-25 14:38 - 2009-07-13 21:45 - 00017952 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 14:38 - 2009-07-13 21:45 - 00017952 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 06:42 - 2012-07-31 19:31 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\Dropbox
2014-06-23 06:42 - 2012-07-29 13:57 - 00000000 ___RD () C:\Users\Dimitri Villard\Dropbox
2014-06-23 06:41 - 2014-05-14 16:09 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\DropboxMaster
2014-06-23 06:41 - 2014-01-28 07:32 - 00000964 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-06-23 06:41 - 2014-01-28 07:32 - 00000948 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-06-23 06:41 - 2012-08-06 09:26 - 00037109 _____ () C:\Users\Dimitri Villard\Sti_Trace.log
2014-06-23 06:39 - 2012-11-21 20:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-23 06:39 - 2012-09-03 14:23 - 00000000 _____ () C:\windows\system32\Drivers\lvuvc.hs
2014-06-23 06:39 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-23 06:39 - 2009-07-13 21:51 - 00062717 _____ () C:\windows\setupact.log
2014-06-23 06:38 - 2012-07-29 12:19 - 00794254 _____ () C:\windows\PFRO.log
2014-06-20 22:49 - 2012-08-02 23:56 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\Skype
2014-06-20 22:48 - 2014-06-20 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 22:48 - 2014-06-20 22:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 22:48 - 2013-12-14 15:32 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Roaming\Malwarebytes
2014-06-20 22:48 - 2013-12-14 15:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-20 22:48 - 2012-06-28 06:23 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 15:16 - 2013-07-15 00:25 - 00003912 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 15:16 - 2013-07-15 00:25 - 00003660 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 16:35 - 2014-06-19 16:35 - 00000000 ____D () C:\Users\Dimitri Villard\AppData\Local\Adobe
2014-06-19 00:52 - 2012-10-10 06:12 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-19 00:52 - 2012-08-30 07:39 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-19 00:52 - 2012-08-30 07:39 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-19 00:44 - 2012-07-29 23:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 19:54 - 2014-06-18 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-06-17 21:30 - 2012-07-29 23:25 - 00003942 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4231272693-1600837509-2429716476-1001UA
2014-06-17 21:30 - 2012-07-29 23:25 - 00003546 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4231272693-1600837509-2429716476-1001Core
2014-06-17 12:19 - 2012-08-05 07:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-16 10:02 - 2014-06-16 10:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 06:06 - 2012-07-29 12:56 - 00000000 ____D () C:\Jts
2014-06-15 23:46 - 2012-07-29 12:16 - 00006127 _____ () C:\windows\system32\Config.MPF
2014-06-12 18:23 - 2014-07-06 15:25 - 00359128 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe
2014-06-12 18:23 - 2014-07-06 15:25 - 00064728 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmx86.sys
2014-06-12 18:22 - 2014-07-06 15:25 - 00437976 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe
2014-06-12 18:22 - 2014-07-06 15:24 - 00931032 _____ (VMware, Inc.) C:\windows\system32\vnetlib64.dll
2014-06-12 18:22 - 2014-07-06 15:24 - 00031448 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetuserif.sys
2014-06-12 18:22 - 2014-06-12 18:22 - 00080464 _____ (VMware, Inc.) C:\windows\system32\vmnetbridge.dll
2014-06-12 18:22 - 2014-06-12 18:22 - 00049232 _____ (VMware, Inc.) C:\windows\system32\vnetinst.dll
2014-06-12 18:22 - 2014-06-12 18:22 - 00046160 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetbridge.sys
2014-06-12 18:22 - 2014-06-12 18:22 - 00024656 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnet.sys
2014-06-12 18:22 - 2014-06-12 18:22 - 00020560 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetadapter.sys
2014-06-12 18:21 - 2014-07-06 15:25 - 00033496 _____ (VMware, Inc.) C:\windows\system32\Drivers\VMkbd.sys
2014-06-11 13:39 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-06-11 11:17 - 2012-08-02 23:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-11 11:17 - 2012-08-02 23:56 - 00000000 ____D () C:\ProgramData\Skype
2014-06-11 10:33 - 2012-07-29 23:26 - 00002424 _____ () C:\Users\Dimitri Villard\Desktop\Google Chrome.lnk
2014-06-11 06:30 - 2013-07-15 09:32 - 00000000 ____D () C:\windows\system32\MRT
2014-06-11 06:27 - 2012-07-29 18:26 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-11 06:26 - 2012-07-29 16:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-10 08:05 - 2012-07-29 14:15 - 00000000 ____D () C:\Users\Dimitri Villard\Documents\My eBooks
2014-06-07 18:06 - 2012-08-05 07:45 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-06-07 18:03 - 2013-06-08 22:56 - 00107368 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
2014-06-07 18:03 - 2013-06-08 22:56 - 00092488 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll
2014-06-07 18:03 - 2013-06-08 22:56 - 00035656 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
 
Files to move or delete:
====================
C:\Users\Dimitri Villard\AppData\Roaming\CamLayout.ini
C:\Users\Dimitri Villard\AppData\Roaming\CamShapes.ini
C:\ProgramData\flashax10.exe
 
 
Some content of TEMP:
====================
C:\Users\Dimitri Villard\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzxjynz.dll
C:\Users\Dimitri Villard\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-28 01:00
 
==================== End Of Log ============================
 
 
 

 

Addition.txt


Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 
 
Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also

 

 

 

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 
 
 
Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

fixlist.txt


Please excuse the delay in reporting the results of these steps. 

FYI the JRT reported a "bad module" and wanted to restart the computer. After the restart, there was no file displayed, just an empty box.

The ESET Online Scan has been running for approx 15 hours and is only 71% finished, because it is also scanning my external drive that Carbonite backs up a mirror image to. I think there may be more than one image on there. So far it has found a total of 15 threats some of which must be duplicates because they are on the mirror image(s). Some of these I am sure relate to a Win32/Packed Themida threat that is just a protective wrapper used by some software I bought to prevent hacking it.

Please note I have the regular paid version of ESET on my computer and always scan the entire drive every week.

I will post the results when the online scan is finished, hopefully later today.

One question: since I have the Premium version of Malwarebytes, I note there is an option to Quarantine the PUP.Optional.Babylon.A threat that it finds. What would happen if I just chose that option?

Thanks very much for your kind help!

In the meantime I have copied the fixlog.txt and the adwcleaner txt to this message:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Dimitri Villard at 2014-07-07 18:08:50 Run:1
Running from C:\Users\Dimitri Villard\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\Dimitri Villard\AppData\Roaming\CamLayout.ini
C:\Users\Dimitri Villard\AppData\Roaming\CamShapes.ini
C:\ProgramData\flashax10.exe
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
 
CHR StartupUrls: "hxxp://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86"
*****************
 
C:\Users\Dimitri Villard\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Dimitri Villard\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\ProgramData\flashax10.exe => Moved successfully.
'HKCR\PROTOCOLS\Handler\intu-help-qb7' => Key deleted successfully.
'HKCR\CLSID\{5A03BD9D-766D-47A6-8E87-CD90F60BE245}'=> Key not found.
'HKCR\PROTOCOLS\Handler\qbwc' => Key deleted successfully.
'HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
'HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}'=> Key not found.
CHR StartupUrls: "hxxp://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86" ==> The Chrome "Settings" can be used to fix the entry.
 
==== End of Fixlog ====
 
# AdwCleaner v3.214 - Report created 07/07/2014 at 18:16:05
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dimitri Villard - DIMITRIVILLARD
# Running from : C:\Users\Dimitri Villard\Desktop\adwcleaner_3.214.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Genesis
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Dimitri Villard\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Folder Deleted : C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Folder Deleted : C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\pdfforge@mybrowserbar.com
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\wtxpcom@mybrowserbar.com
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\robotaskbaricon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\robotaskbaricon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\TENCENT
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Dimitri Villard\AppData\Roaming\Mozilla\Firefox\Profiles\90yk9hk7.default\prefs.js ]
 
 
-\\ Google Chrome v20.0.1132.57
 
[ File : C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3032526
Deleted [search Provider] : hxxps://isearch.avg.com/search?cid={25501502-4C11-42A0-8176-C08709E98CC1}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [startup_urls] : hxxp://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86
Deleted [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
Deleted [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh
Deleted [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
 
*************************
 
AdwCleaner[R0].txt - [3610 octets] - [07/07/2014 18:11:58]
AdwCleaner[s0].txt - [3944 octets] - [07/07/2014 18:16:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4004 octets] ##########
 

When I looked at the screen this morning (LA time) I saw that Malwarebytes had detected it - I thought I had suspended Malwarebytes but maybe after one of the restarts I forgot to suspend it again.

I told the program to "Ignore Once"

We are now 14 hours into the ESET scan with only 74% done. I wonder whether what is being scanned now is redundant, since what it's scanning is the G drive, which is the Carbonite mirror backup that would be replaced by a new image after changes to the C drive?


Actually the ESET Online scan raced to the finish just now. The Themida ones are relevant to a program I bought and use (WTT, Cyclesengine2). Here is the text file:

 

C:\AdwCleaner\Quarantine\C\ProgramData\Ask\APN-Stub\AD5\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Sandbox\Dimitri_Villard\DefaultBox\user\current\AppData\Local\Temp\BunndleOfferManager.dll a variant of Win32/Bunndle potentially unsafe application
C:\Sandbox\Dimitri_Villard\DefaultBox\user\current\AppData\Local\Temp\Ugtg0gu0.exe.part Win32/Graboid potentially unsafe application
C:\Users\Dimitri Villard\Carbonite Restored OLD User Settings\AppData\Roaming\OpenCandy\OpenCandy_1447F06B17FF4376A7A6DA7BEABF0AC6\LatestDLMgr.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Dimitri Villard\Desktop\spsetup116.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Dimitri Villard\Downloads\Avery Wizard 4.01 - US 20111209.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Dimitri Villard\Downloads\ccsetup320.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Dimitri Villard\Downloads\FreemakeVideoDownloaderSetup.exe Win32/OpenCandy potentially unsafe application
C:\Users\Dimitri Villard\Downloads\PIP267_AVR8_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Dimitri Villard\Downloads\wtt_cycles_setup (1).exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Dimitri Villard\Downloads\wtt_cycles_setup (2).exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Dimitri Villard\Downloads\WTT_Cycles_Setup.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Dimitri Villard\Downloads\Downloads\ftpsetup.exe a variant of Win32/Tool.ServiceRunner potentially unsafe application
C:\WTT\cyclesengine2.dll a variant of Win32/Packed.Themida potentially unwanted application
C:\WTT\MSCVL.ocx a variant of Win32/Packed.Themida potentially unwanted application

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


I had an issue: I downloaded 2 sets of Windows updates last night, the second required a reboot. On rebooting, the computer could not start and entered into Startup Repair Mode, and suggested using a Restore Point from when it was running OK. I selected Yes and after 10 - 15 minutes the computer did restart successfully. The restore point must be after I installed the various programs you instructed me to install previously as they are still on the desktop. Obviously I am concerned that changes were made to the Registry or elsewhere that caused the crash, and now I don't know if the latest Windows updates are installed or not.

Also, as you know I already ran the adwCleaner and JRT programs.

Malwarebytes is still reporting the PUP.

I will await a response before doing anything further.


Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes Anti-Malware to your desktop. Double-click the downloaded setup file and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


As previously reported Malwarebytes Pro was already installed. The log from the latest scan is copied below.

Please note 15 Windows Updates on July 8 failed due to the crash. I am very concerned about this.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/12/2014
Scan Time: 3:00:59 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.12.01
Rootkit Database: v2014.07.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dimitri Villard
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401021
Time Elapsed: 12 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Babylon.A, C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss&mntrId=dd89d957000000000000001b210a8b86" ],), ,[0b96128ccbb02115f1cc834931d319e7]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
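The Malwarebytes line above flags the `startup_urls` array inside Chrome's JSON Preferences file, which is the setting FRST had earlier said "the Chrome Settings can be used to fix". As an added example (not code from this thread, Malwarebytes, FRST or AdwCleaner), the script below parses a Preferences file, reports watched settings that point at the hijacker domains seen in this thread's logs, and scrubs them; the `session.startup_urls` path follows the flagged array, the `homepage` and `default_search_provider.search_url` paths are assumptions, and the sample Preferences JSON is constructed.

```python
"""Inspect a Chrome "Preferences" file for browser-hijacker leftovers.

Added example; not code from this thread or from Malwarebytes, FRST or
AdwCleaner. session.startup_urls follows the "startup_urls" array the MBAM log
flags; the homepage and search-URL key paths are assumptions for this example.
"""
import json
from urllib.parse import urlparse

# Domains that the thread's AdwCleaner/MBAM logs attribute to search hijackers.
HIJACK_DOMAINS = {"search.babylon.com", "search.conduit.com", "isearch.avg.com"}

# Dotted JSON paths inspected (the last two are assumed locations).
WATCHED_PATHS = ("session.startup_urls", "homepage",
                 "default_search_provider.search_url")


def _get_path(obj, dotted):
    """Walk a dotted path through nested dicts; None if any step is missing."""
    for part in dotted.split("."):
        if not isinstance(obj, dict) or part not in obj:
            return None
        obj = obj[part]
    return obj


def _host_matches(url, domains):
    """True when the URL's host is one of the domains or a subdomain of one."""
    host = urlparse(url).hostname or ""
    return any(host == d or host.endswith("." + d) for d in domains)


def find_hijacked_entries(prefs_text, domains=HIJACK_DOMAINS):
    """Return [(path, url)] for each watched setting pointing at a hijacker."""
    prefs = json.loads(prefs_text)
    hits = []
    for path in WATCHED_PATHS:
        value = _get_path(prefs, path)
        urls = value if isinstance(value, list) else [value]
        for url in urls:
            if isinstance(url, str) and _host_matches(url, domains):
                hits.append((path, url))
    return hits


def scrub(prefs_text, domains=HIJACK_DOMAINS):
    """Return Preferences JSON with hijacker URLs removed.

    List settings keep their remaining entries; a scalar setting is deleted
    outright so Chrome falls back to its built-in default for it.
    """
    prefs = json.loads(prefs_text)
    for path in WATCHED_PATHS:
        *parents, leaf = path.split(".")
        parent = _get_path(prefs, ".".join(parents)) if parents else prefs
        if not isinstance(parent, dict) or leaf not in parent:
            continue
        value = parent[leaf]
        if isinstance(value, list):
            parent[leaf] = [u for u in value
                            if not (isinstance(u, str) and _host_matches(u, domains))]
        elif isinstance(value, str) and _host_matches(value, domains):
            del parent[leaf]
    return json.dumps(prefs, indent=3)


# Constructed sample mirroring the startup_urls entry Malwarebytes flagged above.
SAMPLE_PREFS = json.dumps({
    "homepage": "https://www.google.com/",
    "session": {"restore_on_startup": 4, "startup_urls": [
        "http://search.babylon.com/?affID=113597&tt=2912_3&babsrc=HP_ss"
        "&mntrId=dd89d957000000000000001b210a8b86",
        "https://www.example.org/"]},
})
```

Run `find_hijacked_entries` on the text of a real Preferences file with Chrome closed; `scrub` returns the cleaned text rather than writing it, so the original can be kept as evidence.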

  • 2 weeks later...

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-08-2014
Ran by Dimitri Villard at 2014-08-07 18:06:08 Run:2
Running from C:\Users\Dimitri Villard\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Preferences
*****************
 
C:\Users\Dimitri Villard\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully.
 
==== End of Fixlog ====


OK, so this is just a remnant of Babylon which won't harm your computer.

Let's finish the process:

 

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
