
can't remove babylon and buenosearch



Babylon was installed and now buenosearch has taken over. Followed the most widely recommended uninstall instructions (for Windows 7):

 

1. Exited Babylon in the Windows tray (worked)

2. Went to Uninstall using Control Panel – but it does not respond. It goes around in a circle like it might be initiating and then stops.

 

Can’t open Malware at all; it will not respond.

 

When I open Chrome or IE, it goes to buenosearch.

 

I do have ESET security on the computer.

 

Thanks!


Hello

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin.....


Thanks so much for explaining about Farbar!  Attached is the Addition.txt and here is the FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by David (administrator) on DAVID-HP on 19-07-2014 19:05:54
Running from C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKYZFHPW
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft) C:\Program Files (x86)\MR APP\MRAPP.UI.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(PC Backup) C:\Program Files\PC Backup\imonlinestat.exe
(Dropbox, Inc.) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(PC Backup) C:\Program Files\PC Backup\imonlinebackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(PC Backup) C:\Program Files\PC Backup\imonlinebackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [intelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-07-09] (IDT, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [T-Mobile webConnect Manager] => C:\Program Files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe [12800 2011-01-20] (T-Mobile)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4424704 2013-11-05] (Research In Motion Limited)
HKLM-x32\...\Run: [babylon Client] => C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe [3656272 2014-02-18] (Babylon Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [systranToolbar.exe] => C:\Program Files (x86)\SYSTRAN\Desktop\SystranToolbar.exe 
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-775014540-1245447705-1913898584-1001\...\Run: [GoToMeeting] => C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mstart.exe [40816 2013-08-27] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-775014540-1245447705-1913898584-1001\...\Run: [blackBerryLink.exe] => C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [1450000 2013-11-06] (Research In Motion)
HKU\S-1-5-21-775014540-1245447705-1913898584-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-775014540-1245447705-1913898584-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
InvalidSubkeyName: [HKU\S-1-5-21-775014540-1245447705-1913898584-1001\Software\Microsoft\Windows\CurrentVersion\Run\4100750074006F00720075006E007300440069007300610062006C0065006400] <===== ATTENTION
HKU\S-1-5-21-775014540-1245447705-1913898584-1001\...\MountPoints2: {1c039da1-faa1-11e0-8553-6431509a9b5d} - F:\LaunchU3.exe -a
HKU\S-1-5-21-775014540-1245447705-1913898584-1001\...\MountPoints2: {271a6a12-cc4d-11e1-b88c-001e101f1838} - F:\AutoRun.exe
HKU\S-1-5-21-775014540-1245447705-1913898584-1001\...\MountPoints2: {76f272d6-ac6d-11e3-ba06-0260d8160801} - F:\Start.exe
HKU\S-1-5-21-775014540-1245447705-1913898584-1001\...\MountPoints2: {809e956b-610f-11e1-9c0a-6431509a9b5d} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-775014540-1245447705-1913898584-1001\...\MountPoints2: {98a3b4a5-cbbd-11e1-aa98-001e101faa49} - F:\AutoRun.exe
HKU\S-1-5-21-775014540-1245447705-1913898584-1001\...\MountPoints2: {de58ba73-cbb7-11e1-881e-6431509a9b5d} - F:\AutoRun.exe
HKU\S-1-5-21-775014540-1245447705-1913898584-1001\...\MountPoints2: {de58ba87-cbb7-11e1-881e-6431509a9b5d} - F:\AutoRun.exe
HKU\S-1-5-21-775014540-1245447705-1913898584-1001\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-775014540-1245447705-1913898584-1001\$9fd5cd26cde3dc50177cb423a41cc1d3\n. ATTENTION! ====> ZeroAccess?
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PC Backup Status.lnk
ShortcutTarget: PC Backup Status.lnk -> C:\Program Files\PC Backup\imonlinestat.exe (PC Backup)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DealFinder.lnk
ShortcutTarget: DealFinder.lnk -> C:\Program Files (x86)\AA\DealFinder\DealFinder\DealFinder.exe ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: imonline -> {7186e471-536f-742f-7e26-d15581f2c8b8} => C:\Program Files\PC Backup\imonlineshell.dll (PC Backup)
ShellIconOverlayIdentifiers: imonline2 -> {d7c5ac9b-e62a-51be-1aee-547514ed73d8} => C:\Program Files\PC Backup\imonlineshell.dll (PC Backup)
ShellIconOverlayIdentifiers: imonline3 -> {d7ceef6f-961f-eea7-0a91-d64580e0517b} => C:\Program Files\PC Backup\imonlineshell.dll (PC Backup)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
URLSearchHook: HKCU - Default Value = {6f52f077-2dbf-f864-8da7-73cc1a21005a}
URLSearchHook: HKCU - FCToolbarURLSearchHook Class - {6f52f077-2dbf-f864-8da7-73cc1a21005a} - C:\Program Files (x86)\Upromise RewardU Toolbar\Helper.dll ()
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Upromise RewardU Toolbar BHO -> {2E1946E4-D51E-6074-C16F-ED7E0D98A8E4} -> C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll ()
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bobsled by T-Mobile -> {C8748F11-F4AD-47AF-AB50-C7DF5792096B} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: buenosearch Helper Object -> {F1C81E40-2485-4DB6-8C9D-04BD596B281E} -> C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll No File
Toolbar: HKLM-x32 - Upromise RewardU Toolbar - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll ()
Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 202.134.64.20 8.8.8.8
Tcpip\..\Interfaces\{2628DE12-C1F5-43D7-9242-4B753E7279A8}: [NameServer]10.177.0.34 10.168.187.116
Tcpip\..\Interfaces\{9A0BA68B-1686-4DEA-8672-4FCFAA482606}: [NameServer]10.177.0.34 10.168.187.116
Tcpip\..\Interfaces\{E65F2D84-4D26-4B93-AFDE-01E7BCC6A8C4}: [NameServer]10.177.0.34 10.168.187.116
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\David\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-26]
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF Extension: Babylon Translation Activation - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com [2014-07-17]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: hxxp://www.buenosearch.com/?babsrc=HP_def&mntrId=78ED02704ECD0701&affID=10588&tl=gkn10811&tsp=5312
CHR StartupUrls: "hxxp://www.buenosearch.com/?babsrc=HP_def&mntrId=78ED02704ECD0701&affID=10588&tl=gkn10811&tsp=5312"
CHR DefaultSearchKeyword: buenosearch.com
CHR DefaultSearchProvider: Bueno Search
CHR DefaultNewTabURL: 
CHR Extension: (Website Logon) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2012-07-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]
CHR Extension: (Skype Click to Call) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-20]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
 
==================== Services (Whitelisted) =================
 
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S3 CATmobile; C:\Program Files (x86)\T-Mobile\webConnect Manager\conappssvc.exe [118784 2010-12-22] (SmithMicro Inc.) [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [33280 2014-06-20] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-04] (Realsil Microelectronics Inc.) [File not signed]
R2 imonlinebackup; C:\Program Files\PC Backup\imonlinebackup.exe [47952 2014-01-17] (PC Backup)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-11-05] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1286656 2013-11-05] (Research In Motion Limited) [File not signed]
S3 TMobileRcAppSvc; C:\Program Files (x86)\T-Mobile\webConnect Manager\RcAppSvc.exe [114688 2010-12-22] (SmithMicro Inc.) [File not signed]
R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2014-06-20] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed]
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R1 imonlineFilter; C:\Windows\System32\DRIVERS\imonline.sys [67808 2014-01-17] (Mozy, Inc.)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-12-22] (Smith Micro Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-08-15] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-15] (Anchorfree Inc.)
R3 tmobile_mf691_dc_enum; C:\Windows\System32\DRIVERS\tmobile_mf691_dc_enum.sys [75776 2010-04-09] (T-Mobile)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-19 19:05 - 2014-07-19 19:06 - 00000000 ____D () C:\FRST
2014-07-18 00:34 - 2014-07-18 00:42 - 00000000 ____D () C:\Users\David\AppData\Roaming\SYSTRAN
2014-07-18 00:34 - 2014-07-18 00:42 - 00000000 ____D () C:\Users\David\AppData\Local\SYSTRAN
2014-07-18 00:32 - 2014-07-19 18:55 - 00000000 ____D () C:\ProgramData\SYSTRAN
2014-07-18 00:27 - 2014-07-19 10:20 - 00000000 ____D () C:\Users\David\Downloads\desktop-enes
2014-07-17 23:37 - 2014-07-18 00:27 - 398555240 _____ () C:\Users\David\Downloads\systran_windows_x86_desktop-enes.exe
2014-07-17 23:37 - 2014-07-17 23:37 - 00000000 ____D () C:\Users\David\AppData\Local\Nexway
2014-07-17 23:24 - 2014-07-19 10:34 - 00000000 ____D () C:\Users\David\AppData\Roaming\Babylon
2014-07-17 23:24 - 2014-07-17 23:26 - 00000000 ____D () C:\Users\David\AppData\Local\Babylon
2014-07-17 23:24 - 2014-07-17 23:24 - 00000000 ____D () C:\Users\David\AppData\Roaming\Acapela Group
2014-07-17 23:23 - 2014-07-19 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
2014-07-17 23:23 - 2014-07-17 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 12:49 - 2014-07-19 11:19 - 00000000 ____D () C:\ProgramData\Babylon
2014-07-17 12:49 - 2014-07-19 06:04 - 00000000 ____D () C:\Program Files\Babylon
2014-07-17 12:49 - 2014-07-17 23:23 - 00000000 ____D () C:\Program Files (x86)\Babylon
2014-07-17 12:46 - 2014-07-17 12:46 - 00003274 _____ () C:\Windows\System32\Tasks\{AA392FD5-DBDE-4C39-B615-6F909FD86546}
2014-07-17 12:30 - 2014-07-19 06:04 - 00000000 ____D () C:\Users\David\AppData\Local\iWesoft
2014-07-17 12:28 - 2014-07-19 06:04 - 00000000 ____D () C:\Program Files (x86)\Google Translate Tool
2014-07-17 11:22 - 2014-07-17 11:23 - 00000000 ____D () C:\Users\David\Desktop\Visiting Hours Initiative
2014-07-11 09:11 - 2014-07-14 22:32 - 02549248 _____ () C:\Users\David\Desktop\Plan Director de La Red Almenara de EsSalud.ppt
2014-07-09 15:02 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 15:02 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 15:02 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 15:02 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 15:02 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 15:02 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 15:02 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 15:02 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 15:02 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 15:02 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 15:02 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 15:02 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 15:02 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 15:02 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 15:02 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 15:02 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 15:02 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 15:02 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 15:02 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 15:02 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 15:02 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 15:02 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 15:01 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 15:01 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 15:01 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 15:01 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 15:01 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 15:01 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 15:01 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 15:01 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 15:01 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 15:01 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 15:01 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 15:01 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 15:01 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 15:01 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 15:01 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 15:01 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 15:01 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 15:01 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 15:01 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 15:01 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 15:01 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 15:01 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 15:01 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 15:01 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 15:01 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 15:01 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 15:01 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 15:01 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 15:01 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 15:01 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 15:01 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 15:01 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 15:01 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 15:01 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 15:01 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 15:01 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 15:01 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 15:01 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 15:01 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 15:01 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 15:01 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 15:01 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 15:01 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 15:01 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 15:01 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 15:01 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 15:01 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 15:01 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 15:01 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 15:01 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 15:01 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 15:01 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 15:01 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 15:01 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 15:01 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 15:01 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 15:01 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 15:01 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 15:01 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 08:08 - 2014-07-17 11:42 - 00072192 _____ () C:\Users\David\Desktop\Copy of HM14JISCustomerServiceJaimovich.xls
2014-06-28 22:16 - 2014-06-28 22:16 - 00000000 ____D () C:\Users\David\Desktop\Consultants
2014-06-28 17:28 - 2014-06-28 17:28 - 00000000 ____D () C:\Users\David\AppData\Local\Downloaded Installations
2014-06-28 16:28 - 2014-06-28 16:28 - 00002225 _____ () C:\Users\Public\Desktop\BlackBerry Link.lnk
2014-06-28 16:13 - 2014-06-28 16:13 - 00258928 _____ (Cisco WebEx LLC) C:\Users\David\Downloads\Cisco_WebEx_Add-On.exe
2014-06-24 21:56 - 2014-06-24 21:56 - 00000000 ____D () C:\Program Files (x86)\MR APP
2014-06-24 09:08 - 2014-07-19 11:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8fb5be4abbdb.job
2014-06-24 09:08 - 2014-06-24 09:08 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf8fb5be4abbdb
2014-06-20 18:35 - 2014-06-20 18:35 - 00006134 _____ () C:\WirelessDiagLog.csv
2014-06-20 18:06 - 2014-06-22 21:54 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
 
==================== One Month Modified Files and Folders =======
 
2014-07-19 19:06 - 2014-07-19 19:05 - 00000000 ____D () C:\FRST
2014-07-19 19:03 - 2011-10-20 05:48 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2014-07-19 19:01 - 2014-01-06 16:48 - 00000000 ____D () C:\Users\David\AppData\Roaming\Dropbox
2014-07-19 18:59 - 2012-04-10 13:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-19 18:58 - 2014-05-02 16:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\DropboxMaster
2014-07-19 18:58 - 2014-01-06 17:00 - 00000000 ___RD () C:\Users\David\Dropbox
2014-07-19 18:58 - 2012-01-05 09:33 - 00000000 ____D () C:\Users\David\Documents\Outlook Files
2014-07-19 18:56 - 2011-04-03 13:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-19 18:55 - 2014-07-18 00:32 - 00000000 ____D () C:\ProgramData\SYSTRAN
2014-07-19 18:45 - 2013-11-21 16:17 - 00000000 ____D () C:\Program Files (x86)\outobox
2014-07-19 18:13 - 2014-05-05 16:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf68a7fac845e7.job
2014-07-19 18:04 - 2011-10-19 15:29 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{70DF694E-6F67-4165-9BDE-8E96F60892BE}
2014-07-19 17:05 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-19 14:26 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 14:26 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 11:19 - 2014-07-17 12:49 - 00000000 ____D () C:\ProgramData\Babylon
2014-07-19 11:16 - 2014-06-24 09:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8fb5be4abbdb.job
2014-07-19 11:16 - 2014-01-16 19:11 - 00000000 ____D () C:\Program Files\Google
2014-07-19 11:16 - 2012-08-15 07:22 - 00075773 _____ () C:\Windows\setupact.log
2014-07-19 11:16 - 2012-07-10 23:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-19 11:16 - 2010-11-20 22:47 - 00709208 _____ () C:\Windows\PFRO.log
2014-07-19 11:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 11:15 - 2011-05-28 11:14 - 01755250 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 10:47 - 2012-07-10 23:51 - 00000000 ____D () C:\ProgramData\Google
2014-07-19 10:47 - 2012-07-10 23:46 - 00000000 ____D () C:\Users\David\AppData\Local\Google
2014-07-19 10:34 - 2014-07-17 23:24 - 00000000 ____D () C:\Users\David\AppData\Roaming\Babylon
2014-07-19 10:20 - 2014-07-18 00:27 - 00000000 ____D () C:\Users\David\Downloads\desktop-enes
2014-07-19 10:20 - 2014-07-17 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
2014-07-19 10:20 - 2011-10-19 15:27 - 00000000 ____D () C:\Users\David
2014-07-19 10:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-19 10:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-07-19 06:04 - 2014-07-17 12:49 - 00000000 ____D () C:\Program Files\Babylon
2014-07-19 06:04 - 2014-07-17 12:30 - 00000000 ____D () C:\Users\David\AppData\Local\iWesoft
2014-07-19 06:04 - 2014-07-17 12:28 - 00000000 ____D () C:\Program Files (x86)\Google Translate Tool
2014-07-19 06:04 - 2011-10-20 12:06 - 00000000 ____D () C:\ProgramData\WebEx
2014-07-19 05:40 - 2012-08-10 08:55 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForDavid.job
2014-07-19 05:38 - 2012-08-10 08:55 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDavid
2014-07-18 13:53 - 2011-10-22 18:31 - 00000000 ____D () C:\Users\David\AppData\Local\CrashDumps
2014-07-18 00:42 - 2014-07-18 00:34 - 00000000 ____D () C:\Users\David\AppData\Roaming\SYSTRAN
2014-07-18 00:42 - 2014-07-18 00:34 - 00000000 ____D () C:\Users\David\AppData\Local\SYSTRAN
2014-07-18 00:27 - 2014-07-17 23:37 - 398555240 _____ () C:\Users\David\Downloads\systran_windows_x86_desktop-enes.exe
2014-07-17 23:37 - 2014-07-17 23:37 - 00000000 ____D () C:\Users\David\AppData\Local\Nexway
2014-07-17 23:26 - 2014-07-17 23:24 - 00000000 ____D () C:\Users\David\AppData\Local\Babylon
2014-07-17 23:24 - 2014-07-17 23:24 - 00000000 ____D () C:\Users\David\AppData\Roaming\Acapela Group
2014-07-17 23:23 - 2014-07-17 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 23:23 - 2014-07-17 12:49 - 00000000 ____D () C:\Program Files (x86)\Babylon
2014-07-17 12:46 - 2014-07-17 12:46 - 00003274 _____ () C:\Windows\System32\Tasks\{AA392FD5-DBDE-4C39-B615-6F909FD86546}
2014-07-17 12:25 - 2012-07-09 23:48 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-17 12:25 - 2011-10-20 08:10 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-17 11:42 - 2014-07-08 08:08 - 00072192 _____ () C:\Users\David\Desktop\Copy of HM14JISCustomerServiceJaimovich.xls
2014-07-17 11:23 - 2014-07-17 11:22 - 00000000 ____D () C:\Users\David\Desktop\Visiting Hours Initiative
2014-07-17 00:37 - 2011-09-05 03:33 - 00003842 _____ () C:\Windows\imonline.flt
2014-07-17 00:37 - 2011-09-05 03:33 - 00003784 _____ () C:\Windows\imonline.blk
2014-07-16 21:29 - 2013-07-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-16 21:22 - 2011-10-20 06:37 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-16 08:55 - 2011-10-20 12:27 - 00000000 ____D () C:\Users\David\Documents\David's Info
2014-07-14 22:32 - 2014-07-11 09:11 - 02549248 _____ () C:\Users\David\Desktop\Plan Director de La Red Almenara de EsSalud.ppt
2014-07-14 20:07 - 2014-02-01 16:34 - 00000000 ____D () C:\Users\David\AppData\Roaming\HpUpdate
2014-07-14 15:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 21:51 - 2009-07-13 23:45 - 00345144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 21:46 - 2014-04-30 08:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 21:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 21:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 09:22 - 2011-10-19 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 10:04 - 2012-01-07 19:21 - 00000000 ____D () C:\Users\David\Documents\QRI forms and bio
2014-07-08 23:29 - 2012-02-28 19:08 - 00033021 _____ () C:\Users\David\AppData\Roaming\Rim.Desktop.Exception.log
2014-07-08 23:29 - 2012-02-28 19:08 - 00012782 _____ () C:\Users\David\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-07-08 18:59 - 2012-04-10 13:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 16:59 - 2012-04-10 13:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 16:59 - 2011-11-26 18:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-01 13:56 - 2011-10-20 14:17 - 00000000 ____D () C:\Users\David\Documents\QRI Six Sigma
2014-06-29 21:09 - 2014-07-09 15:02 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-09 15:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 22:20 - 2014-06-18 15:32 - 00000000 ____D () C:\Users\David\Desktop\Documentation
2014-06-28 22:16 - 2014-06-28 22:16 - 00000000 ____D () C:\Users\David\Desktop\Consultants
2014-06-28 22:15 - 2013-03-11 00:58 - 00000000 ____D () C:\Users\David\Documents\Center for Patient Safety
2014-06-28 17:28 - 2014-06-28 17:28 - 00000000 ____D () C:\Users\David\AppData\Local\Downloaded Installations
2014-06-28 16:28 - 2014-06-28 16:28 - 00002225 _____ () C:\Users\Public\Desktop\BlackBerry Link.lnk
2014-06-28 16:28 - 2012-02-28 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
2014-06-28 16:13 - 2014-06-28 16:13 - 00258928 _____ (Cisco WebEx LLC) C:\Users\David\Downloads\Cisco_WebEx_Add-On.exe
2014-06-28 16:05 - 2011-11-20 15:29 - 00227344 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe
2014-06-28 16:05 - 2011-11-20 15:29 - 00137232 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
2014-06-24 22:01 - 2014-03-28 19:40 - 00000000 ____D () C:\ProgramData\MR APP
2014-06-24 21:56 - 2014-06-24 21:56 - 00000000 ____D () C:\Program Files (x86)\MR APP
2014-06-24 14:03 - 2011-11-16 23:56 - 00000000 ____D () C:\Users\David\Documents\Youcam
2014-06-24 09:08 - 2014-06-24 09:08 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf8fb5be4abbdb
2014-06-24 09:08 - 2014-05-05 16:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf68a7fac845e7
2014-06-22 21:54 - 2014-06-20 18:06 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2014-06-20 18:35 - 2014-06-20 18:35 - 00006134 _____ () C:\WirelessDiagLog.csv
2014-06-20 15:14 - 2014-07-09 15:01 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 14:39 - 2014-07-09 15:01 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-775014540-1245447705-1913898584-1001\$9fd5cd26cde3dc50177cb423a41cc1d3
 
Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\APNSetup.exe
C:\Users\David\AppData\Local\Temp\conhost.dll
C:\Users\David\AppData\Local\Temp\csrss.dll
C:\Users\David\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\David\AppData\Local\Temp\dlLogic.exe
C:\Users\David\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiqu9mx.dll
C:\Users\David\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiyagzk.dll
C:\Users\David\AppData\Local\Temp\Extract.exe
C:\Users\David\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\David\AppData\Local\Temp\GCVerifier.dll
C:\Users\David\AppData\Local\Temp\iexplore.dll
C:\Users\David\AppData\Local\Temp\installer.exe
C:\Users\David\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\David\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\ose00000.exe
C:\Users\David\AppData\Local\Temp\ResetDevice.exe
C:\Users\David\AppData\Local\Temp\SkypeSetup.exe
C:\Users\David\AppData\Local\Temp\SP55151.exe
C:\Users\David\AppData\Local\Temp\sp64126.exe
C:\Users\David\AppData\Local\Temp\tmp73FB.tmp_591707652958.exe
C:\Users\David\AppData\Local\Temp\uninst1.exe
C:\Users\David\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-19 13:46
 
==================== End Of Log ============================

 

 

Addition.txt


Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.

  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Download Malwarebytes Anti-Malware to your desktop.


  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Let me see those logs...

 

Kevin

 

 

 

 

 

fixlist.txt


Hi Kevin,

 

1.  malware log:

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 315232

Time Elapsed: 23 min, 13 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 30

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [e0854160df9cb38338335a3659a9db25],

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [e0854160df9cb38338335a3659a9db25],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{828DC97A-2277-4E10-92A9-4907FA0922A9}, Quarantined, [e77e752cd0abec4a53b2eaa91ee4936d],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchdskBnd.1, Quarantined, [e77e752cd0abec4a53b2eaa91ee4936d],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchdskBnd, Quarantined, [e77e752cd0abec4a53b2eaa91ee4936d],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchdskBnd, Quarantined, [e77e752cd0abec4a53b2eaa91ee4936d],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchdskBnd.1, Quarantined, [e77e752cd0abec4a53b2eaa91ee4936d],

PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-775014540-1245447705-1913898584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{828DC97A-2277-4E10-92A9-4907FA0922A9}, Quarantined, [e77e752cd0abec4a53b2eaa91ee4936d],

PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-775014540-1245447705-1913898584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{828DC97A-2277-4E10-92A9-4907FA0922A9}, Quarantined, [e77e752cd0abec4a53b2eaa91ee4936d],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, Quarantined, [075e5e435d1e63d356ae8310b64c4fb1],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchHlpr.1, Quarantined, [075e5e435d1e63d356ae8310b64c4fb1],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchHlpr, Quarantined, [075e5e435d1e63d356ae8310b64c4fb1],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchHlpr, Quarantined, [075e5e435d1e63d356ae8310b64c4fb1],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, Quarantined, [075e5e435d1e63d356ae8310b64c4fb1],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchHlpr.1, Quarantined, [075e5e435d1e63d356ae8310b64c4fb1],

PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-775014540-1245447705-1913898584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, Quarantined, [075e5e435d1e63d356ae8310b64c4fb1],

PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-775014540-1245447705-1913898584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, Quarantined, [075e5e435d1e63d356ae8310b64c4fb1],

PUP.Optional.Babylon.A, HKU\S-1-5-21-775014540-1245447705-1913898584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [3f26524f502bec4a2eaa78dec93904fc],

PUP.Optional.Outobox.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\outobox, Quarantined, [6ef7abf6e49776c0de997e9148bc40c0],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchappCore, Quarantined, [85e01e834d2e26105240767011f1dc24],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchappCore.1, Quarantined, [6df8752c2b50e94dc8cad70f2fd3d828],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\esrv.buenosearchESrvc, Quarantined, [b5b0623f84f75dd93e5504e2d32f936d],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\esrv.buenosearchESrvc.1, Quarantined, [92d3d9c84d2eb87ec0d33aac03ff649c],

PUP.Optional.Outobox.A, HKLM\SOFTWARE\WOW6432NODE\outobox, Quarantined, [164ffaa73249c373a4d48d82f70dba46],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchappCore, Quarantined, [8ed73c65502b1b1bade58f57f70b4fb1],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchappCore.1, Quarantined, [87de257c5328f93df69cd80ed92931cf],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.buenosearchESrvc, Quarantined, [dc89b8e96b10ca6cf59e71751ee4ef11],

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.buenosearchESrvc.1, Quarantined, [dc89c7daf18a3600375c5f87f1117e82],

PUP.Optional.Outobox.A, HKU\S-1-5-21-775014540-1245447705-1913898584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\outobox, Quarantined, [df86039e3b402f0797e26da2b64eba46],

PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-775014540-1245447705-1913898584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, Quarantined, [68fd326fa3d83cfab416c9186d9510f0],

 

Registry Values: 2

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{828DC97A-2277-4E10-92A9-4907FA0922A9}, buenosearch Toolbar, Quarantined, [e77e752cd0abec4a53b2eaa91ee4936d]

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{828DC97A-2277-4E10-92A9-4907FA0922A9}, Quarantined, [fa6b2180235840f6cc397b18d72bff01],

 

Registry Data: 0

(No malicious items detected)

 

Folders: 3

PUP.Optional.Outobox.A, C:\Program Files (x86)\outobox, Quarantined, [6ef7abf6e49776c0de997e9148bc40c0],

PUP.Optional.Conduit.A, C:\Users\David\AppData\Local\Temp\CT3317212, Quarantined, [293cc7da0c6f58de6b93fca708faf10f],

PUP.Optional.Conduit.A, C:\Users\David\AppData\Local\Temp\CT3319613, Quarantined, [1b4affa24833d85ea955554ef60cb44c],

 

Files: 16

PUP.Optional.ShopAtHome.A, C:\Users\David\AppData\Roaming\ShopAtHome\ShopAtHomeAppInstaller_C107628769_D1_R1061925.exe, Quarantined, [4124574ae9922c0a07cc392ecf3246ba],

PUP.Optional.Conduit.A, C:\Users\David\AppData\Local\Temp\dlLogic.exe, Quarantined, [72f32a77b8c33303af1c40026c9404fc],

PUP.Optional.Conduit.A, C:\Users\David\AppData\Local\Temp\GCVerifier.dll, Quarantined, [e3821e839cdf82b46c5efa483ec250b0],

PUP.Optional.Outobox.A, C:\Users\David\AppData\Local\Temp\dlm38CB.tmp\copy1-outobox1120.exe, Quarantined, [3c292e737efd241251324005c53cc040],

PUP.Optional.Outobox.A, C:\Users\David\AppData\Local\Temp\dlm38CB.tmp\outobox1120.exe, Quarantined, [7aebe5bc126945f1fc8778cd68998878],

PUP.Optional.BuenoSearch.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage, Quarantined, [a7befea3f784c96dac1c776a52b08e72],

PUP.Optional.BuenoSearch.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage-journal, Quarantined, [3c29acf506753df9c30610d1f40e728e],

Exploit.Drop.GS, C:\Users\David\AppData\Local\Temp\conhost.dll, Quarantined, [5213227f334824128a4e25e3fc07c040],

Exploit.Drop.GS, C:\Users\David\AppData\Local\Temp\csrss.dll, Quarantined, [4520940df98206300bce54b430d31ce4],

PUP.Optional.Outobox.A, C:\Program Files (x86)\outobox\outobox.ico, Quarantined, [6ef7abf6e49776c0de997e9148bc40c0],

PUP.Optional.Outobox.A, C:\Program Files (x86)\outobox\outoboxUninstall.exe, Quarantined, [6ef7abf6e49776c0de997e9148bc40c0],

PUP.Optional.Outobox.A, C:\Program Files (x86)\outobox\sqlite3.exe, Quarantined, [6ef7abf6e49776c0de997e9148bc40c0],

PUP.Optional.Conduit.A, C:\Users\David\AppData\Local\Temp\CT3317212\ddt.csf, Quarantined, [293cc7da0c6f58de6b93fca708faf10f],

PUP.Optional.Conduit.A, C:\Users\David\AppData\Local\Temp\CT3319613\ddt.csf, Quarantined, [1b4affa24833d85ea955554ef60cb44c],

PUP.Optional.BuenoSearch.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://www.buenosearch.com/?babsrc=HP_def&mntrId=78ED02704ECD0701&affID=10588&tl=gkn10811&tsp=5312",), Replaced,[b9acb2ef6b106bcb167504d5788c4cb4]

PUP.Optional.BuenoSearch.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://www.buenosearch.com/?babsrc=HP_def&mntrId=78ED02704ECD0701&affID=10588&tl=gkn10811&tsp=5312" ],), Replaced,[fc69257cc2b97cba5f5efedb5fa5ca36]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

2. AdwCleaner log:

 

# AdwCleaner v3.216 - Report created 19/07/2014 at 22:39:55
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : David - DAVID-HP
# Running from : C:\Users\David\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\David\AppData\Local\Babylon
Folder Deleted : C:\Users\David\AppData\Local\Temp\apn
Folder Deleted : C:\Users\David\AppData\Local\Temp\Babylon
Folder Deleted : C:\Users\David\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Users\David\AppData\Roaming\Babylon
File Deleted : C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Key Deleted : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\.bof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [babylon Client]
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.FCTB000100987Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.FCTB000100987Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.JSOptionsImpl.1
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_def&mntrId=78ED02704ECD0701&affID=10588&tl=gkn10811&tsp=5312
 
*************************
 
AdwCleaner[R0].txt - [11380 octets] - [19/07/2014 22:12:36]
AdwCleaner[R1].txt - [11441 octets] - [19/07/2014 22:15:51]
AdwCleaner[R2].txt - [11502 octets] - [19/07/2014 22:28:16]
AdwCleaner[s0].txt - [11167 octets] - [19/07/2014 22:39:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11228 octets] ##########
 
 
3.  JRT.txt:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by David on Sun 07/20/2014 at  2:30:16.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealFinder_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealFinder_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DealFinder_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DealFinder_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5240BF41-6440-424F-8EBF-83FE0E876DC5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\David\AppData\LocalLow\FCTB000100987
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/20/2014 at  2:44:47.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Thanks for all of your help!

Yes, the logs show big improvements; continue please:

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7/8, right-click the IE shortcut and run as admin.

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real-time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is UNticked
Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
Put a checkmark in "Uninstall application on close"
Close the program
Report to me that nothing was found

 

If threats were found

 


Click on "list of threats found"
Click on "export to text file", name it ESET SCAN and save it to the desktop
Click on Back
Put a checkmark in "Uninstall application on close"
Click on Finish

 

Close the program

 

Copy and paste the report in next reply.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC, then try again...

 

Let me see those two logs, also give an update on any remaining issues or concerns you may have....

 

Kevin


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.