Showing results for tags 'babylon'.

Found 22 results

  1. Dear Malwarebytes team, We have learned that your Malwarebytes software (Free \ Premium) identifies one of our registry keys, HKLM\SOFTWARE\CLASSES\PROD.CAP, as Adware.Agent.OL (see screenshot attached). In October of 2014, Babylon Software LTD. purchased the translation business from Babylon LTD. Babylon Software has cleaned the software of any toolbars, search properties and even the technical possibility to offer 3rd party software. Our software is Babylon translator software (Babylon NG v0.1.4 version); it is designed to provide translation of terms and phrases, as well as translation of text and documents, and a conversion feature for currency \ time \ measurement units. It is not adware or a Trojan or a PUA or malicious in any way. Our software is safe to use, and does not pop up advertisements to its users. Your detection is a false positive on your part and we would kindly ask you to correct it ASAP and remove us from the “black list”. The registry key HKLM\SOFTWARE\CLASSES\PROD.CAP is legit. Thank you in advance, Rotem, Babylon Software Support team. FPreport-06-24-2021.txt
  2. Today I realised after a Malwarebytes scan that I have the Babylon PUP infecting(?) Google Chrome. I have tried many tools including Malwarebytes, Avast, AdwCleaner, FRST etc. to try and diagnose and resolve the problem, but with no luck. I (think) I have narrowed the problem down to a single file: C:\Users\"Username"\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences. There is a line in this file which sets a startup URL to "http://search.babylon.com/?affID=111434&tt=010712_4&babsrc=HP_ss&mntrId=6e7008aa00000000000090a4dea255ab". I can manually delete this file, but every time I start Chrome, it is added again? I have no idea what else I can do, so any help will be greatly appreciated.
  3. Babylon was installed and now buenosearch has taken over. Followed the most widely recommended uninstall instructions (for Windows 7): 1. Exited Babylon in the Windows tray (worked). 2. Went to Uninstall using Control Panel, but it does not respond; it goes around in a circle like it might be initiating and then stops. Can't open Malwarebytes at all; it will not respond. When I open Chrome or IE it goes to buenosearch. I do have ESET security on the computer. Thanks!
  4. Hello there. Every time (daily) Malwarebytes runs it finds entries for the Babylon toolbar inside the prefs.js file in my Firefox profile. For the first few times I clicked 'Quarantine all', but by the next scan the detections are back. I then tried manually selecting 'quarantine' for each item (about 20) but when the next scan is run, guess what? They're baa-aaack! I then deleted the prefs.js file from this path: AppData\Roaming\Mozilla\Firefox\Profiles\nnnnnnnnnn\ but, you guessed it, the detections were back in the next scan. I'm really getting tired of this and would love to hear an explanation. Here are some typical entries:
PUP.Optional.Babylon.A, C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\r19v7a82.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"), Replaced,[da9b53d6403b39fd095d79d1ce36ca36]
PUP.Optional.Babylon.A, C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\r19v7a82.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none"), Replaced,[1263ec3d92e9bf7767ffa9a1ee16d12f]
PUP.Optional.Babylon.A, C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\r19v7a82.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss"), Replaced,[175efd2cf289ba7cb5b163e780841ee2]
PUP.Optional.Babylon.A, C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\r19v7a82.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.tlbrId", "base"),
Complete log attached. MB_Log.txt
Thank you.
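Posts 2 and 4 above describe the same pattern in two browsers: a hijacker setting that comes back after manual removal, once as a startup URL in Chrome's Secure Preferences and once as extensions.BabylonToolbar_i.* lines in Firefox's prefs.js. The script below is an added example, not code from either poster or from Malwarebytes. It parses both file formats, lists every entry that names or points at the hijacker, pulls the affID and mntrId identifiers out of the search.babylon.com URL (useful when reporting or correlating installs), and produces a cleaned copy of the Firefox prefs. The sample inputs are constructed from the strings quoted in the posts. The Chrome keys it inspects (session.startup_urls, homepage, default_search_provider_data.template_url_data) are the standard ones, but limiting the check to those three locations is an assumption of this example, not a complete inventory of where Chrome stores URLs.

```python
"""Find where a browser search hijacker persists in profile files.

Added example (not code from the forum posts or from Malwarebytes): scans a
Chrome 'Secure Preferences'/'Preferences' JSON document and a Firefox
prefs.js or user.js for entries that name or point at the hijacker."""
import json
import re
from urllib.parse import parse_qs, urlsplit

# Matched against URL hosts and pref names, so both "search.babylon.com"
# and "extensions.BabylonToolbar_i.*" are caught.
HIJACK_RE = re.compile(r"babylon|buenosearch", re.IGNORECASE)

# One Firefox prefs.js / user.js line:  user_pref("name", value);
USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def describe_url(url):
    """Return the hijacker host and its affID/mntrId parameters, or None if clean."""
    parts = urlsplit(url)
    if not HIJACK_RE.search(parts.netloc):
        return None
    query = parse_qs(parts.query)
    return {
        "host": parts.netloc,
        "affID": query.get("affID", [None])[0],
        "mntrId": query.get("mntrId", [None])[0],
    }


def scan_chrome_secure_prefs(text):
    """Return (pref path, url, details) for hijacker URLs in Chrome prefs JSON.
    Assumption of this example: only homepage, startup URLs and the default
    search provider are inspected; real profiles carry more URL-bearing keys."""
    prefs = json.loads(text)
    candidates = [("session.startup_urls", url)
                  for url in prefs.get("session", {}).get("startup_urls", [])]
    if "homepage" in prefs:
        candidates.append(("homepage", prefs["homepage"]))
    tmpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    for key in ("url", "suggestions_url"):
        if key in tmpl:
            candidates.append(("default_search_provider_data.template_url_data." + key,
                               tmpl[key]))
    hits = []
    for path, url in candidates:
        details = describe_url(url)
        if details:
            hits.append((path, url, details))
    return hits


def scan_firefox_prefs(text):
    """Return (name, raw value) for user_pref lines that name or point at the hijacker."""
    hits = []
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if m and (HIJACK_RE.search(m.group(1)) or HIJACK_RE.search(m.group(2))):
            hits.append((m.group(1), m.group(2)))
    return hits


def clean_firefox_prefs(text):
    """Return the prefs text with every flagged user_pref line removed."""
    flagged = {name for name, _ in scan_firefox_prefs(text)}
    kept = []
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if not (m and m.group(1) in flagged):
            kept.append(line)
    return "\n".join(kept) + "\n"


# Constructed sample inputs, built from the strings quoted in the two posts.
BABYLON_URL = ("http://search.babylon.com/?affID=111434&tt=010712_4&babsrc=HP_ss"
               "&mntrId=6e7008aa00000000000090a4dea255ab")

CHROME_SAMPLE = json.dumps({
    "homepage": "https://example.com/",
    "session": {"restore_on_startup": 4, "startup_urls": [BABYLON_URL]},
    "default_search_provider_data": {"template_url_data": {
        "keyword": "google.com",
        "url": "https://www.google.com/search?q={searchTerms}"}},
})

FIREFOX_SAMPLE = """\
user_pref("browser.startup.page", 1);
user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=111434&babsrc=HP_ss");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("network.proxy.type", 0);
"""

if __name__ == "__main__":
    for path, url, details in scan_chrome_secure_prefs(CHROME_SAMPLE):
        print("Chrome  ", path, details)
    for name, value in scan_firefox_prefs(FIREFOX_SAMPLE):
        print("Firefox ", name, "=", value)
```

Two reasons a removal can fail to stick, which the script reports on but does not fix: Chrome protects entries in Secure Preferences with per-key MACs stored under protection.macs, so a value edited by hand fails validation and is reset rather than honoured, and a startup URL can also be pushed back in by a RestoreOnStartupURLs policy under HKLM\Software\Policies\Google\Chrome or by an installed extension. Firefox writes prefs.js from its in-memory values when it exits and re-applies any user.js in the same profile folder on every start, so run scan_firefox_prefs over user.js too and write the clean_firefox_prefs output back only while Firefox is closed.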
  5. Hello. I've been doing free Malwarebytes scans (quick and full scans) in safe mode since July 29, 2013 and I have found some PUPs (specifically, pup.optional.babylon.a and pup.optional.tarma.a) and trojan.banker. They were quarantined and deleted. (Well, that's what the "Logs" said. The malware is in the "Quarantine" section of Malwarebytes as well.) Today, I did a Malwarebytes full scan in safe mode and no threats were found. I also did some quick scans (in "regular" mode i.e. not in safe mode) using Norton 360 and SuperAntiSpyware and no threats were found. I'm concerned about the state of my computer and I'm wondering whether I have any more malware on my laptop. I'm also curious about what to do after finding the trojan.banker, which I've read is really bad news. I'll definitely be changing my passwords, but I was wondering if I have to change my router passwords as well? Any advice on how to prevent malware attacks in the future? Any help would be immensely appreciated. Thanks and good day. Below is the dds.txt and attach.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16496
Run by Lapreasha at 19:48:37 on 2013-07-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1137 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Secunia\PSI\PSIA.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\ipsbho.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001013-0002-0013-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{C2855BE1-397D-4868-A2A8-74543FB04624} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lapreasha\appdata\roaming\mozilla\firefox\profiles\n52indrg.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\users\lapreasha\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\lapreasha\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-6-15 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-6-15 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-18 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-6-15 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20130730.001\IDSvix86.sys [2013-7-30 386720]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-20 20384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-6-15 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-6-15 352344]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.4.0.40\ccsvchst.exe [2013-6-15 144368]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2013-7-28 132056]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-7-31 106656]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-20 954368]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-07-31 09:59:07 -------- d-sh--w- C:\found.002
2013-07-31 07:19:07 -------- d-----w- c:\windows\system32\MRT
2013-07-31 06:02:16 -------- d-----w- c:\program files\OpenOffice 4
2013-07-29 20:41:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-29 20:41:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-29 19:06:18 -------- d-----w- c:\windows\pss
2013-07-29 18:31:20 -------- d-----w- c:\users\lapreasha\appdata\local\NPE
2013-07-28 21:36:59 920472 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-07-28 21:36:59 59288 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2013-07-28 21:36:59 478104 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2013-07-28 21:36:59 3407256 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2013-07-28 21:36:59 279448 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2013-07-28 21:36:58 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-07-28 21:36:58 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-07-28 21:36:58 1090952 ----a-w- c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
2013-07-28 21:36:56 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-07-28 21:36:56 263576 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-07-28 21:36:56 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-07-28 21:17:55 -------- d-----w- c:\program files\Norton PC Checkup 3.0
2013-07-28 21:05:44 -------- d-----w- c:\users\lapreasha\appdata\roaming\PCCUStubInstaller
2013-07-11 09:07:30 2049024 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2013-07-19 02:37:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-19 02:37:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 22:29:41 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll
2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-23 05:25:28 934488 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symefa.sys
2013-05-21 05:02:00 367704 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symds.sys
2013-05-16 05:02:14 603224 ----a-w- c:\windows\system32\drivers\n360\1404000.028\srtsp.sys
2013-05-08 04:04:52 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-05-08 03:40:36 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 01:58:22 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH: 19:49:48.63 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/20/2009 8:44:13 PM
System Uptime: 7/31/2013 4:51:09 PM (3 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD Turion X2 Dual-Core Mobile RM-70 | Socket M2/S1G1 | 500/1800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 226 GiB total, 168.299 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Realtek High Definition Audio
Device ID: ROOT\MEDIA\0000
Manufacturer: Realtek
Name: Realtek High Definition Audio
PNP Device ID: ROOT\MEDIA\0000
Service: IntcAzAudAddService
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
7-Zip 9.28 alpha
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
ATI Catalyst Install Manager
Audacity 2.0
Bonjour
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD/DVD Drive Acoustic Silencer
Citrix Presentation Server Client
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET Online Scanner v3
GearDrvs
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Inkscape 0.48.4
iTunes
Malwarebytes Anti-Malware version 1.75.0.1300
Memeo AutoBackup
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Access 2010
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Media Player
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Norton 360
Norton PC Checkup
OGA Notifier 2.0.0048.0
OpenOffice 4.0.0
QuickBooks Financial Center
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skins
Skype Toolbars
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Games
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WinZip 14.0
Yahoo! Detect
.
==== End Of File ===========================
  6. Knights of M.Bytes, I humbly request your consideration as I secure the machines that have until recently been under the exiguous care of my predecessor; every device was running bare-bones Internet Explorer (although I have heard many proclaim the redemption of MS's competence in the browser realm) and an inconsistent smattering of redundant antiviruses, with no two machines running the same brand. As I assuage the chaos and foment a new zen in my jurisdiction I will post my initial Malwarebytes .txt dump here. I found this forum via Google queries in the past month pertaining to specific species of malware. The user "Gringo" has proven to be a suitable search term since I have benefited from his expertise several times with issues on my non-work projects.

____________________________________________________

It would appear that this first computer http://i.imgur.com/kpCcmud.jpg was host to at least two malicious objects (which is an improvement from 30+ last time around), and as soon as Malwarebytes Anti-Malware (full scan) detected these two elements I received a pop-up notification from my antivirus (Comodo Antivirus) indicating that it too had coincidentally noticed two malicious objects. I didn't really hesitate to select the "take care of it" button on the Comodo alert. Out of habit I was concurrently running an instance of Malwarebytes Anti-Rootkit. It completed its scan shortly after I instructed Comodo to purge the offending objects and announced that there was no malware detected.
At any rate, here is the Malwarebytes log.

_____________________________________________________

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Apex :: APEX-I3-02 [administrator]

6/20/2013 2:41:00 PM
MBAM-log-2013-06-20 (15-29-34).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347355
Time elapsed: 48 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDFPerformer (PUP.BundleInstaller.IB) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Uninstall Information\Ib\34\3701\ib_uninstall.exe (PUP.BundleInstaller.IB) -> No action taken.

(end)

__________________________________________________________________________________

Following this scan I opted to strike the "Remove Selected" button (Malwarebytes Anti-Malware), and I shall agree to restart my computer to remove the active threats as soon as I have successfully posted this message. Although I appear to have removed everything, that is what I thought the first time around; hence this thread. Thank you for your time.

-R.E.M.
  7. Sorry if this is the wrong place to put it, but after tediously trying to uninstall and get rid of Babylon, it doesn't seem to want to go away. I'm not actually sure if it's a virus, but it is incredibly annoying. It's survived multiple RogueKiller scans, TDSS scans, ComboFix runs and AdwCleaner runs. So if somebody could, please explain to me what it is, and how I can get rid of it. Here's this:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8080.16413 BrowserJavaVersion: 10.5.1
Run by s5300 at 1:31:12 on 2013-06-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.821 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\BOINC\boinc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\perfmon.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.233\deploy\League of Legends.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.29\deploy\LolClient.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\s5300\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://medsvc.cats.ohiou.edu/AxisCamControl.ocx
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{C66AC914-AFB0-48E5-8DA5-796F6484816D} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck -
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
.
INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
x64-SSODL: WebCheck -
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\s5300\AppData\Roaming\Mozilla\Firefox\Profiles\0x1ncaig.default-1364867584342\
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\s5300\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-05-20 13:42; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; C:\Users\s5300\AppData\Roaming\Mozilla\Firefox\Profiles\0x1ncaig.default-1364867584342\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-7-8 254528]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-18 202752]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-10-15 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-10-15 128512]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-12-26 1290752]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-21 49152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [userChoice]
.
=============== Created Last 30 ================
.
2013-06-15 14:49:52 -------- d-sh--w- C:\$RECYCLE.BIN
2013-06-15 12:15:22 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-05 21:15:36 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-06-05 21:15:31 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-06-01 14:19:55 -------- d-----w- C:\Users\s5300\AppData\Roaming\.technic
2013-05-31 16:12:02 -------- d-----w- C:\Ubisoft
2013-05-31 16:10:24 -------- d-----w- C:\Users\s5300\AppData\Local\Apps
2013-05-31 16:10:22 -------- d-----w- C:\Users\s5300\AppData\Local\Deployment
2013-05-22 11:49:33 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-05-18 04:45:24 -------- d-----w- C:\Users\s5300\AppData\Roaming\Sandswept Studios
2013-05-18 04:42:05 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-05-18 04:42:05 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-05-18 04:42:05 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-05-18 04:42:05 -------- d-----w- C:\Program Files (x86)\OpenAL
2013-05-18 04:42:04 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-05-18 04:42:04 -------- d-----w- C:\Sandswept Studios
.
==================== Find3M ====================
.
2013-06-16 01:58:36 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-06-16 01:26:28 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-06-12 05:15:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 05:15:25 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 1:35:20.92 ===============

and this

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/26/2010 5:03:40 AM
System Uptime: 6/15/2013 6:22:35 PM (7 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A785TD-M EVO
Processor: AMD Athlon II X3 450 Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 129.021 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP191: 5/31/2013 12:08:20 PM - Installed DirectX
RP192: 5/31/2013 12:10:04 PM - Installed DirectX
RP193: 6/7/2013 4:38:44 PM - Installed Forged Alliance Forever
RP194: 6/15/2013 9:56:09 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.5
applicationupdater
ARMA 2
Arma 2: Operation Arrowhead
Battlefield 3™
Battlefield 3™ Open Beta
Battlefield Heroes
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
BOINC
Call of Duty: Black Ops II - Multiplayer
Counter-Strike: Source
DAEMON Tools Lite
Day of Defeat: Source
DayZ Commander
EPSON Artisan 700 Series Printer Uninstall
EPSON Artisan 720 Series Printer Uninstall
Epson Event Manager
Epson Print CD
EPSON Scan
EpsonNet Setup 3.3
ESN Sonar
Facebook Video Calling 1.2.0.287
Feedback Tool
ffdshow v1.2.4486 [2012-08-25]
foobar2000 v1.1.7
Forged Alliance Forever
Fraps
gamelauncher-ps2-live
Ghost Recon Online (NCSA-Live)
Google Chrome
Google Earth
Google Update Helper
Gotham City Impostors: Free To Play
GPGNet
Half-Life
Half-Life 2
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
Java 7 Update 10
Java Auto Updater
Java 7 Update 4 (64-bit)
JavaFX 2.1.1
League of Legends
Left 4 Dead 2
Logitech Gaming Software
Logitech Gaming Software 8.40
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStory
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Help Viewer 1.0
Microsoft Silverlight
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
Nexon Game Manager
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenAL
OpenOffice.org 3.2
Origin
PlanetSide 2
Platform
Portal
PunkBuster Services
Razer Mamba
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
RuneScape Launcher 1.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Skype Toolbars
Skype™ 6.3
Source SDK Base 2006
SpeedFan (remove only)
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
StarCraft II
Steam
Supreme Commander - Forged Alliance
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 7
The Dead Linger Alpha
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VIA Platform Device Manager
VLC media player 1.0.1
WinRAR 4.20 (64-bit)
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/16/2013 1:31:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Hamachi2Svc service.
6/15/2013 9:51:11 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RPC Endpoint Mapper service, but this action failed with the following error: An instance of the service is already running.
6/15/2013 9:48:57 AM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: The service has not been started.
6/15/2013 9:48:57 AM, Error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:48:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.
6/15/2013 9:48:28 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2013 9:48:28 AM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2013 9:48:23 AM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:48:23 AM, Error: Service Control Manager [7001] - The Base Filtering Engine service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:48:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Driver Foundation - User-mode Driver Framework service to connect.
6/15/2013 9:48:19 AM, Error: Service Control Manager [7001] - The Portable Device Enumerator Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:48:19 AM, Error: Service Control Manager [7000] - The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2013 9:48:17 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2013 9:48:15 AM, Error: Service Control Manager [7001] - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:48:15 AM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:48:05 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:47:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.
6/15/2013 9:47:28 AM, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2013 9:47:25 AM, Error: Service Control Manager [7001] - The Windows Defender service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:47:17 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2013 9:47:07 AM, Error: Service Control Manager [7001] - The Windows Update service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:47:07 AM, Error: Service Control Manager [7001] - The Windows Search service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:47:07 AM, Error: Service Control Manager [7001] - The Software Protection service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:47:07 AM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:47:07 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:47:07 AM, Error: Service Control Manager [7001] - The Google Update Service (gupdate) service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:47:07 AM, Error: Service Control Manager [7001] - The Function Discovery Provider Host service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:47:07 AM, Error: Service Control Manager [7001] - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:47:07 AM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:46:49 AM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: The service has returned a service-specific error code.
6/15/2013 9:46:49 AM, Error: Service Control Manager [7001] - The Program Compatibility Assistant Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:46:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
6/15/2013 9:46:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
6/15/2013 9:46:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
6/15/2013 9:46:37 AM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
6/15/2013 9:46:37 AM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
6/15/2013 9:46:37 AM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
6/15/2013 9:46:31 AM, Error: Service Control Manager [7034] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 3 time(s).
6/15/2013 9:46:28 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/15/2013 9:46:28 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
6/15/2013 9:46:28 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/15/2013 9:46:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.
6/15/2013 9:46:28 AM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2013 9:45:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/15/2013 9:45:30 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:45:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/15/2013 9:45:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/15/2013 9:45:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
6/15/2013 9:41:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:41:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/15/2013 9:41:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/15/2013 9:40:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
6/15/2013 9:40:25 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2013 9:40:25 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/15/2013 9:40:25 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 6/15/2013 9:40:25 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/15/2013 9:40:25 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/15/2013 9:40:25 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 6/15/2013 9:40:25 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/15/2013 9:40:25 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
6/15/2013 9:40:25 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/15/2013 9:40:25 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 6/15/2013 9:40:25 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/15/2013 9:04:08 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2. 6/15/2013 8:59:17 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 6/15/2013 8:52:47 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/15/2013 8:52:47 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 6/15/2013 8:52:47 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start. 6/15/2013 8:52:45 AM, Error: Service Control Manager [7031] - The IPsec Policy Agent service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/15/2013 8:52:41 AM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 6/15/2013 8:52:35 AM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/15/2013 8:52:35 AM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/15/2013 8:52:30 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/15/2013 8:52:30 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 6/15/2013 8:52:30 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/15/2013 8:52:30 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/15/2013 8:52:30 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start. 
6/15/2013 8:52:26 AM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/15/2013 8:52:23 AM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/15/2013 8:52:23 AM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 6/15/2013 8:52:23 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start. 6/15/2013 8:52:21 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Remote Procedure Call (RPC) service, but this action failed with the following error: A system shutdown has already been scheduled. 6/15/2013 8:52:21 AM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/15/2013 8:52:21 AM, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine. 
6/15/2013 8:48:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 6/15/2013 7:18:06 AM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/15/2013 7:18:06 AM, Error: Service Control Manager [7031] - The Windows Connect Now - Config Registrar service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/15/2013 7:18:06 AM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 6/15/2013 7:18:06 AM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 6/15/2013 7:18:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. 6/15/2013 7:18:03 AM, Error: Service Control Manager [7000] - The PnP-X IP Bus Enumerator service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/15/2013 7:15:56 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MARKPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E73F566E-226A-43F9-932A-EF5B10B932C6}. The master browser is stopping or an election is being forced. 
6/15/2013 6:25:21 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 6/15/2013 6:25:21 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 6/15/2013 6:24:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 6/15/2013 10:14:58 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 6/15/2013 10:14:28 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 6/15/2013 1:18:58 AM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 
6/14/2013 12:17:28 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user s5300-PC\s5300 SID (S-1-5-21-1687880141-4119958463-1330821113-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 6/14/2013 12:17:28 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user s5300-PC\s5300 SID (S-1-5-21-1687880141-4119958463-1330821113-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 6/14/2013 12:17:28 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user s5300-PC\s5300 SID (S-1-5-21-1687880141-4119958463-1330821113-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 6/12/2013 9:05:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 6/12/2013 9:05:28 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
6/10/2013 6:49:48 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MATT-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C66AC914-AFB0-48E5-8DA5-796F6484816D}. The master browser is stopping or an election is being forced. . ==== End Of File ===========================
  8. Hi there, I'm having so much trouble with the Funmoods/Babylon malware and I haven't been able to rid myself of it. I have the Pro version of Malwarebytes and have performed a full scan of my drives, and no threats have been detected. In the past I have tried AdwCleaner, and yet Funmoods/Babylon always gets associated with my Google Chrome browser on this computer. It doesn't infect Firefox, which I have had to use instead in order to avoid it, but it does infect Chrome every time I log in to my Google account and use the browser. Here are my log files, starting with Attach.txt:

And here is DDS.txt:
FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-5-10 1432400] S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-6 331264] S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-5-11 31800] S3 RTCore64;RTCore64;E:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-22 13368] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-12-3 203104] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-15 1255736] S3 WinRing0_1_2_0;WinRing0_1_2_0;E:\Users\JL\Downloads\RealTemp_370\WinRing0x64.sys [2008-7-26 14544] . =============== Created Last 30 ================ . 2013-05-15 15:15:09 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB080E2F-405A-4194-A1F2-43032EDDAFFD}\mpengine.dll 2013-05-15 01:30:39 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-05-14 03:34:00 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-05-11 17:57:54 -------- d-----w- C:\Users\JL\AppData\Local\VS Revo Group 2013-05-11 17:57:52 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys 2013-05-11 17:57:52 -------- d-----w- C:\ProgramData\VS Revo Group 2013-05-03 03:29:19 -------- d-----w- C:\ProgramData\dbg 2013-04-24 02:25:47 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D7CA7DF8-E2E7-48A8-AB1C-F978BE803DEB}\gapaengine.dll 2013-04-24 02:19:26 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys . 
==================== Find3M ==================== . 2013-05-16 01:40:12 1048576 ----a-w- C:\Windows\PE_Rom.dll 2013-05-15 15:18:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 15:18:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll 2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-03-19 
05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe 2013-03-15 05:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll 2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll 2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe 2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll 2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll 2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin 2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe 2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll 2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll 2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll 2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll 2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll . ============= FINISH: 18:48:39.49 =============== Your help is immensely appreciated!!!!
  9. Hey, I've been having troubles the past couple of weeks with Babylon. I just got a new laptop and, while trying to download a media player, I accidentally downloaded Babylon. It has given my computer a worm virus, which Kaspersky managed to remove twice, once after each time I restored my computer to factory settings; however, Babylon logs and won't go away. I have used Malwarebytes, CCleaner, and SpyDoctor, all of which did not find it. The only spy removal program that found it was Spyhunter, but then it said I had to purchase the program, and I do not want to use my credit card online while I have malware affecting my computer. I also used Revo to uninstall everything to do with Babylon, but the logs keep coming back. I thought after restoring my computer it would get better, but it only got worse both times. Any help here would be greatly appreciated. I went to this thread http://forums.malwarebytes.org/index.php?showtopic=9573 and followed all the steps and created these logs.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 2013-02-25 8:45:50 PM
System Uptime: 2013-02-25 9:39:54 PM (13 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD A6-4400M APU with Radeon HD Graphics | Socket FT1 | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 432.582 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.3) AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Quick Stream AMD VISION Engine Control Center Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Bejeweled 3 Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner D3DX10 Farmscapes FATE Google Toolbar for Internet Explorer Google Update Helper Kaspersky Internet Security 2013 Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft Application Error Reporting Microsoft Office Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 Norton Anti-Theft Norton Online Backup Norton Online Backup ARA Norton PC Checkup Norton Security Dashboard Origin Penguins! Photo Common Photo Gallery Plants vs. 
Zombies - Game of the Year PlayReady PC Runtime amd64 Polar Bowler Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Realtek WLAN Driver Revo Uninstaller Pro 3.0.2 Synaptics Pointing Device Driver Toshiba App Place TOSHIBA Application Installer TOSHIBA Audio Enhancement Toshiba Book Place TOSHIBA Desktop Assist TOSHIBA eco Utility TOSHIBA Function Key TOSHIBA Password Utility TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA System Driver TOSHIBA System Settings TOSHIBA User's Guide TOSHIBA VIDEO PLAYER TOSHIBARegistration Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life WildTangent Games WildTangent Games App (Toshiba Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== Event Viewer Messages From Past Week ======== . 2013-02-25 9:15:22 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). 2013-02-25 6:56:18 PM, Error: volmgr [46] - Crash dump initialization failed! . ==== End Of File ===========================DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16384 Run by Fedja at 10:20:38 on 2013-02-26 Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.3550.2148 [GMT -8:00] . AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} . 
============== Running Processes =============== . C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\dwm.exe C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\atieclxx.exe C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\windows\system32\dashost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\Toshiba\Teco\TecoService.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\system32\taskhostex.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\windows\Explorer.EXE C:\windows\system32\SearchIndexer.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe C:\Program Files\Toshiba\Teco\TecoResident.exe C:\Windows\System32\RuntimeBroker.exe C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\ccSvcHst.exe C:\Program Files (x86)\Norton PC 
Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\ccSvcHst.exe C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\windows\WinStore\WSHost.exe C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe C:\windows\system32\taskhost.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\BackgroundTransferHost.exe C:\windows\system32\SearchProtocolHost.exe \\?\C:\windows\system32\wbem\WMIADAP.EXE C:\windows\system32\taskeng.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.ca/ uWindow Title = Internet Explorer provided by TOSHIBA uDefault_Page_URL = hxxp://toshiba13.msn.com mStart Page = hxxp://toshiba13.msn.com mWindow Title = Internet Explorer provided by TOSHIBA mDefault_Page_URL = hxxp://toshiba13.msn.com mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe" IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - 
{0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll TCP: NameServer = 64.59.144.16 64.59.150.132 TCP: Interfaces\{8975BC40-A2E5-46A2-8ED1-4937B912FE19} : DHCPNameServer = 64.59.144.16 64.59.150.132 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-mStart Page = hxxp://toshiba13.msn.com x64-mWindow Title = Internet Explorer provided by TOSHIBA x64-mDefault_Page_URL = hxxp://toshiba13.msn.com x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe 
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2012-12-10 499096] R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00B\ccSetx64.sys [2012-9-6 168608] R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\Drivers\NATx64\0105000.026\ccSetx64.sys [2012-9-6 167072] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\Drivers\klim6.sys [2012-8-2 28504] R1 klwfp;klwfp;C:\windows\System32\Drivers\klwfp.sys [2012-8-3 50088] R1 kneps;kneps;C:\windows\System32\Drivers\kneps.sys [2012-8-13 178008] R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-8 239616] R2 APXACC;AppEx Networks Accelerator LWF;C:\windows\System32\Drivers\appexDrv.sys [2012-12-10 199008] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-25 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-25 682344] R2 NAT;Norton Anti-Theft;C:\Program Files 
(x86)\Norton Anti-Theft\Engine\1.5.0.38\ccSvcHst.exe [2012-9-6 138272] R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-7-11 3939008] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe [2012-9-6 123320] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [2012-9-6 126392] R2 taisregispinger;taisregispinger;C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [2012-9-6 2196120] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\Teco\TecoService.exe [2012-8-13 289192] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472] R3 FwLnk;FwLnk Driver;C:\windows\System32\Drivers\FwLnk.sys [2012-12-10 9216] R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-7-13 103936] R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-2-25 24176] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2012-12-10 315536] R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1498256] R3 TMachInfo;TMachInfo;C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-7-27 53384] R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2012-7-28 458152] R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-12-10 58536] S0 klelam;klelam;C:\windows\System32\Drivers\klelam.sys [2012-7-27 29616] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent 
Games\App\GamesAppService.exe [2010-10-12 206072] S3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\Drivers\klkbdflt.sys [2012-5-25 29016] S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\Drivers\klmouflt.sys [2012-7-25 29528] S3 Revoflt;Revoflt;C:\windows\System32\Drivers\revoflt.sys [2013-2-25 31800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1498256] . =============== Created Last 30 ================ . 2013-02-26 05:44:30 64856 ----a-w- C:\windows\System32\klfphc.dll 2013-02-26 05:44:08 -------- d-----w- C:\ProgramData\Kaspersky Lab 2013-02-26 05:44:08 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2013-02-26 05:43:58 89944 ----a-w- C:\windows\System32\drivers\klflt.sys 2013-02-26 05:32:24 -------- d-----w- C:\Users\Fedja\AppData\Roaming\Malwarebytes 2013-02-26 05:31:53 -------- d-----w- C:\ProgramData\Malwarebytes 2013-02-26 05:31:52 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-02-26 05:31:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-02-26 05:17:50 13 --sh--r- C:\windows\System32\drivers\fbd.sys 2013-02-26 05:12:25 -------- d-----w- C:\Program Files\CCleaner 2013-02-26 05:11:25 -------- d-----w- C:\Users\Fedja\AppData\Local\VS Revo Group 2013-02-26 05:11:19 31800 ----a-w- C:\windows\System32\drivers\revoflt.sys 2013-02-26 05:11:19 -------- d-----w- C:\ProgramData\VS Revo Group 2013-02-26 05:11:17 -------- d-----w- C:\Program Files\VS Revo Group 2013-02-26 05:11:12 -------- d-----w- C:\Users\Fedja\AppData\Local\Programs 2013-02-26 05:06:24 -------- d-----w- C:\Users\Fedja\AppData\Local\Google 2013-02-26 05:05:53 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared 2013-02-26 04:56:34 -------- d-sh--w- C:\$RECYCLE.BIN 2013-02-26 04:54:48 -------- d-----w- C:\Users\Fedja\AppData\Local\ATI 2013-02-26 04:49:40 -------- d-----w- C:\Users\Fedja\AppData\Local\TOSHIBA 2013-02-26 04:48:26 -------- d-----r- 
C:\Users\Fedja\Searches
2013-02-26 04:48:25 -------- d-----r- C:\Users\Fedja\Contacts
2013-02-26 04:47:10 -------- d-----w- C:\Users\Fedja\AppData\Roaming\WinBatch
2013-02-26 04:46:32 -------- d-----w- C:\Users\Fedja\AppData\Local\VirtualStore
2013-02-26 04:46:19 -------- d-----w- C:\Users\Fedja\AppData\Local\Packages
.
==================== Find3M ====================
.
2013-02-26 07:03:10 50088 ----a-w- C:\windows\System32\drivers\klwfp.sys
2013-02-26 07:03:10 29528 ----a-w- C:\windows\System32\drivers\klmouflt.sys
2013-02-26 07:03:09 29016 ----a-w- C:\windows\System32\drivers\klkbdflt.sys
2012-12-10 11:58:49 0 ----a-w- C:\windows\ativpsrm.bin
.
============= FINISH: 10:21:06.54 ===============
attach.txt dds.txt
  10. Please help remove Babylon malware. I've tried myself but to no avail. Here is the DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17153
Run by Widyantoko at 2:03:31 on 2012-12-20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3767.1826 [GMT 7:00]
.
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
C:\Windows\SysWOW64\ChgService.exe
C:\Program Files\KlikBCA\VPN Client\cvpnd.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes'
Here is my attach log:
==== Installed Programs ======================
.
==== Event Viewer Messages From Past Week ========
.
19-Dec-12 11:05:08 PM, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
18-Dec-12 11:18:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.141.2103.0).
14-Dec-12 11:55:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.141.1830.0).
14-Dec-12 11:47:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ant Toolbar updater service service to connect.
14-Dec-12 11:47:18 PM, Error: Service Control Manager [7000] - The Ant Toolbar updater service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13-Dec-12 11:03:02 PM, Error: RemoteAccess [20106] - Unable to add the interface {6622083D-D10B-4784-B0AE-A710D43EB154} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
13-Dec-12 11:03:02 PM, Error: RemoteAccess [20106] - Unable to add the interface {6622083D-D10B-4784-B0AE-A710D43EB154} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
.
==== End Of File ===========================
11. I reset homepage, but Babylon is still dominating my two installed browsers, Firefox and Chrome. I tried HijackThis, and I can see the Babylon reference, but before it loads, for one it says the hosts file is in use, but I checked it, and it's not different than I expected, and secondly when I try to delete the Babylon reference, it's not listed on the HijackThis page to delete, it's only in the log. I did delete what I saw that was related. I have no idea where to find it in the registry, and I checked Control Panel and not only is Unlocker gone, nothing recent is installed at all, according to multiple uninstallers I tried.

This is a wonderful community and I hope that I can share something of use, while I ask for guidance. I'll make a list of my scenario:

- Internet Explorer is not installed on my ASUS k52ju/k52jt series - i7 q740 1.73ghz 64 bit [I uninstalled it manually a while back]
- Installed Unlocker to unlock a folder that's been locked since I was doing video editing on the thing a few months ago
- Set Unlocker not to install Babylon Toolbar, but it seemed to do just that.
- Uninstalled Unlocker, and the Toolbar went away...
- Reset homepage, but Babylon is still automatically loading, going to this affiliate URL: search.babylon.com/?affID=14335&tt=4812_4&babsrc=NT_ss&mntrId=a05f0ee20000000000004e5d60c3f7c1 any time I open a new page or tab on Chrome or Firefox.
- Read around on the forums and I tried CCleaner and Malwarebytes Anti-Malware, already had Comodo antivirus installed [set up for manual overrides], AdwCleaner, and I used HijackThis to try to fix the problem myself as well.

Is there anything from the two logs below that might immediately inform someone with more experience with Win 7 and Babylon how to solve this? I need to work with 3rd party websites, and I don't want to compromise their security, but I need the money ASAP, so I'm just hoping to solve this smoothly. Thanks so much for any time spent looking into this.
-Abe LaB
Grand Traverse Design

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:15 PM, on 12/3/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
-- End of file - 17447 bytes

# AdwCleaner v2.011 - Logfile created 12/04/2012 at 15:40:17
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : NovaStorm - NOVA-LTOP
# Boot Mode : Normal
# Running from : C:\Users\NovaStorm\Downloads\AdwCleaner.exe
# Option [Search]
default File : C:\Users\NovaStorm\AppData\Roaming\Mozilla\Firefox\Profiles\gibuiy6p.default\prefs.js Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=14335&tt=4812_4&babsrc=NT_ss&mntrI[...] Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Found : user_pref("extensions.BabylonToolbar_i.newTab", true); Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=14335&tt=4812_4[...] Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=14335&tt=4812_4&babsrc=KW_ss&mntrId=a05f0[...] -\\ Google Chrome v23.0.1271.95 File : C:\Users\NovaStorm\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.19] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=14335&tt=4812_4&babsrc=HP_ss&mntrId=a05f0ee20000000000004e5d60c3f7c1" ] Found [l.60] : icon_url = "hxxp://www.babylon.com/favicon.ico", Found [l.63] : keyword = "babylon.com", Found [l.66] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=14335&tt=4812_4&babsrc=SP_ss&mntrId=a05f0ee20000000000004e5d60c3f7c1", Found [l.2044] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=14335&tt=4812_4&babsrc=HP_ss&mntrId=a05f0ee20000000000004e5d60c3f7c1" ] ************************* AdwCleaner[R1].txt - [9327 octets] - [04/12/2012 13:50:18] AdwCleaner[R2].txt - [9280 octets] - [04/12/2012 15:40:17] ########## EOF - C:\AdwCleaner[R2].txt - [9340 octets] ##########
  12. Hello, I need to remove a Babylon infection. I'm pretty sure I got it from a CNET installer, and I exited as soon as I saw the word toolbar; I definitely didn't authorize anything to install. I can keep it at bay in the browser search and homepage, but it's still there when I use the actual address bar. It's driving me mad, and I want to add this PC to my network, but I am worried it might transfer to the other computers (this computer has never been on the network before). I ran a Malwarebytes full scan and it came out with no threats found. I was also running MS Security Essentials when it got in; I have since changed that to Norton Internet Security. Can anyone help, please? Cheers, Keith
  13. Hello, I was working with Gringo on cleaning Babylon from my PC, but my account and the thread were lost in the recent data corruption. I have the e-mails, though, of course. Should I post anything from those? The last thing I did was run HJT and make some fixes, and then run the ESET Online Scanner. Below are the results of that scan. Thanks! Trevor
-------------------------------------------
C:\Documents and Settings\trevor\My Documents\Downloads\cnet2_Unlocker1_9_1_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\trevor\My Documents\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application
  14. Hello, first time here. It seems I downloaded the Babylon thing that now has taken over as web browser. The Malwarebytes software won't get rid of it. Then I reset Firefox and it seemed to work, until it didn't anymore. Then I looked for info on this site and tried to do what Maniac was telling other people. My IT knowledge is limited, though. So I ran that OTL or something anti-malware software and ran a scan, and it gave a kind of very long report in the end. I saved that in a Word file. I also told the OTL software to "clean". It did so and restarted the PC, but it didn't work; it's still there. Can anyone help me? I attach the results of the OTL scan, in case it's useful. Thanks, Maria malware.doc
  15. Babylon malware is driving me crazy. Tried to remove it myself but failed, please help. Aaron
  16. I got a virus today. My Firefox homepage changes on its own. And when I open some files, 2 folders will appear, 'bProtectorForWindows' and 'searchplugins'. I have problems similar to those mentioned here: http://forums.malwar...pic=112789&st=0 I uninstalled Babylon. I removed bProtector from my Task Scheduler. My computer won't let me delete the folder: C:\ProgramData\bProtectorForWindows\ It says the folder is open in another program. Inside it is a folder called '2.2.453.59'. In that are 2 files, 'bProtect.settings' and 'protector.dll'. I tried following the instructions on the following site, but it didn't work since I can't delete that folder. http://secure-comput...ows_should.html OTL.txt

OTL logfile created on: 8/25/2012 11:53:58 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Kouu\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.34 Gb Available Physical Memory | 79.24% Memory free
16.05 Gb Paging File | 14.37 Gb Available in Paging File | 89.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 517.58 Gb Total Space | 74.35 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
Drive F: | 15.43 Gb Total Space | 14.93 Gb Free Space | 96.72% Space Free | Partition Type: NTFS

Computer Name: KOUU-PC | User Name: Kouu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/25 11:53:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kouu\Desktop\OTL.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/19 03:50:22 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/30 01:15:07 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/31 23:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/03/22 01:40:00 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010/02/22 06:28:38 | 003,179,952 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2009/10/15 03:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2008/08/21 18:22:20 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Salmosa\razertra.exe
PRC - [2008/08/21 16:28:44 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Salmosa\razerhid.exe
PRC - [2008/08/15 15:20:18 | 000,151,552 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Salmosa\razerofa.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/25 00:49:12 | 002,008,096 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll
MOD - [2012/07/19 03:50:21 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/03/22 01:40:00 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/08/21 18:22:20 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Salmosa\razertra.exe
MOD - [2008/08/21 16:28:44 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Salmosa\razerhid.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/09/08 12:11:02 | 000,726,016 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2008/09/08 12:09:52 | 000,221,696 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2008/01/20 20:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 20:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/15 04:56:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/19 03:50:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/15 04:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/13 20:12:30 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/30 01:15:07 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/31 23:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/06/25 11:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/02/05 11:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 11:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/18 11:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 20:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/04/12 09:07:22 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/31 23:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/03/31 23:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/07/27 02:11:38 | 000,271,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2010/06/25 11:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/02/22 07:04:08 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/03/20 17:59:00 | 000,011,904 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\salmosa.sys -- (salmosa)
DRV:64bit: - [2006/10/30 17:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o...68&l=dis&gct=hp
IE - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000\..\SearchScopes,bProtectorDefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...95-3B195E62838B
IE - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwo...ferrer:source?}
IE - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kouu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kouu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kouu\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kouu\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kouu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/01 14:48:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 03:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/14 18:19:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Kouu\AppData\Roaming\IDM\idmmzcc3 [2010/02/22 06:26:01 | 000,000,000 | ---D | M]

[2010/02/22 05:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kouu\AppData\Roaming\Mozilla\Extensions
[2012/08/25 03:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kouu\AppData\Roaming\Mozilla\Firefox\Profiles\2roi32ov.default\extensions
[2010/06/28 16:32:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kouu\AppData\Roaming\Mozilla\Firefox\Profiles\2roi32ov.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/25 02:30:22 | 000,000,000 | ---D | M] (IDM CC) -- C:\Users\Kouu\AppData\Roaming\Mozilla\Firefox\Profiles\2roi32ov.default\extensions\mozilla_cc@internetdownloadmanager.com
[2011/03/11 22:36:48 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Kouu\AppData\Roaming\Mozilla\Firefox\Profiles\2roi32ov.default\extensions\personas@christopher.beard
[2012/07/26 18:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/24 22:02:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/26 18:49:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/01 14:48:22 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/07/19 03:50:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/03/22 01:39:56 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2012/07/19 03:50:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/19 03:50:19 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/02/22 05:41:25 | 000,380,176 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13099 more lines...
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe ()
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE /FU "C:\Windows\TEMP\E_SF8FF.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3429667927-1885231413-3428540675-1000\..Trusted Domains: excite.com ([]https in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0167EE92-653C-4160-B8B5-1A4F96C40B58}: DhcpNameServer = 192.168.0.1 205.171.3.25 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID 
value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (c:\progra~3\bprote~1\22453~1.59\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Kouu\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Kouu\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{00628c21-3eab-11df-a3f3-00248c451f8f}\Shell\Auto\command - "" = F:\launcher.exe O33 - MountPoints2\{00628c21-3eab-11df-a3f3-00248c451f8f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\launcher.exe O33 - MountPoints2\{9f399945-6511-11e0-8286-00248c451f8f}\Shell - "" = AutoRun O33 - MountPoints2\{9f399945-6511-11e0-8286-00248c451f8f}\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\{9f5143c8-1fb6-11df-9c1b-00248c451f8f}\Shell - "" = 
AutoRun O33 - MountPoints2\{9f5143c8-1fb6-11df-9c1b-00248c451f8f}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{c4db2934-1fa7-11df-a2d1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c4db2934-1fa7-11df-a2d1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe /zAUTOSTART O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/08/25 11:53:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Kouu\Desktop\OTL.exe [2012/08/25 10:21:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\bProtectorForWindows [2012/08/25 10:21:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2012/08/25 09:10:51 | 000,000,000 | ---D | C] -- C:\Users\Kouu\AppData\Roaming\LockHunter [2012/08/25 09:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LockHunter [2012/08/25 09:03:03 | 000,000,000 | ---D | C] -- C:\Users\Kouu\AppData\Roaming\EMCO [2012/08/25 08:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker [2012/08/25 05:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/25 04:16:51 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Kouu\Desktop\TFC.exe [2012/08/25 00:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows [2012/08/25 00:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games [2012/08/14 20:58:15 | 000,040,960 | ---- | C] (vbAccelerator) 
-- C:\Windows\SysWow64\ssubtmr6.dll [2012/08/14 20:58:14 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\SysWow64\trayicon_handler.ocx [2012/08/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Users\Kouu\AppData\Roaming\WinAVI [2012/08/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Users\Kouu\AppData\Local\WinAVI [2012/08/14 20:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinAVI [2012/08/14 20:44:11 | 000,000,000 | ---D | C] -- C:\Users\Kouu\Documents\Aimersoft DVD Creator [2012/08/14 01:23:12 | 000,000,000 | ---D | C] -- C:\Users\Kouu\AppData\Local\CPN [2012/08/14 01:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paddy Power Poker [2012/08/01 14:49:47 | 000,000,000 | ---D | C] -- C:\Users\Kouu\AppData\Local\DDMSettings [2012/07/26 18:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java ========== Files - Modified Within 30 Days ========== [2012/08/25 11:56:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/25 11:54:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/25 11:53:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kouu\Desktop\OTL.exe [2012/08/25 11:52:34 | 000,000,025 | ---- | M] () -- C:\Windows\SysWow64\TLB_Disable.ini [2012/08/25 11:52:32 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/25 11:52:31 | 004,820,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/08/25 11:51:40 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/25 11:51:37 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/25 11:51:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/25 11:41:00 | 000,000,904 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3429667927-1885231413-3428540675-1000UA.job [2012/08/25 05:17:10 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/25 04:16:52 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Kouu\Desktop\TFC.exe [2012/08/25 04:10:03 | 000,000,456 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{900068B2-8D1B-48C0-93F6-6B8AB090780F}.job [2012/08/25 01:22:43 | 000,230,400 | ---- | M] () -- C:\Users\Kouu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/08/21 22:55:10 | 000,002,596 | ---- | M] () -- C:\Users\Kouu\Desktop\MfSwapWindowMode.ahk [2012/08/21 08:51:35 | 000,000,162 | ---- | M] () -- C:\Users\Kouu\Desktop\13.64.rtf [2012/08/19 19:41:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3429667927-1885231413-3428540675-1000Core.job [2012/08/17 23:56:34 | 000,000,624 | ---- | M] () -- C:\Users\Kouu\Desktop\new plan.rtf [2012/08/14 18:20:02 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/08/14 01:29:07 | 000,000,504 | ---- | M] () -- C:\Users\Kouu\Desktop\pass.rtf [2012/08/13 22:55:07 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI [2012/08/11 06:40:46 | 000,001,329 | ---- | M] () -- C:\Users\Kouu\Desktop\short story.rtf [2012/08/04 14:37:38 | 001,690,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/04 14:37:38 | 000,734,910 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat [2012/08/04 14:37:38 | 000,672,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/04 14:37:38 | 000,161,406 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat [2012/08/04 14:37:38 | 000,131,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/03 19:01:51 | 000,002,066 | ---- | M] () -- C:\Users\Kouu\Desktop\MfSwapWorks.ahk [2012/08/03 18:49:05 | 000,000,198 | ---- | M] () -- C:\Users\Kouu\Desktop\my macro.rtf [2012/08/03 18:00:45 | 000,002,585 | ---- | M] () -- 
C:\Users\Kouu\Desktop\MfSwapWindowModedd.ahk ========== Files Created - No Company Name ========== [2012/08/25 05:17:10 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/21 08:51:35 | 000,000,162 | ---- | C] () -- C:\Users\Kouu\Desktop\13.64.rtf [2012/08/11 06:20:22 | 000,001,329 | ---- | C] () -- C:\Users\Kouu\Desktop\short story.rtf [2012/08/06 23:54:47 | 000,000,624 | ---- | C] () -- C:\Users\Kouu\Desktop\new plan.rtf [2012/08/03 18:49:05 | 000,000,198 | ---- | C] () -- C:\Users\Kouu\Desktop\my macro.rtf [2012/08/03 18:00:44 | 000,002,585 | ---- | C] () -- C:\Users\Kouu\Desktop\MfSwapWindowModedd.ahk [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/03/27 17:02:27 | 000,011,867 | ---- | C] () -- C:\Users\Kouu\AppData\Roaming\TheHunterSettings_live.bin [2012/03/27 16:05:31 | 000,000,046 | ---- | C] () -- C:\Users\Kouu\AppData\Roaming\TheHunterSettings_live.cfg [2012/01/23 13:03:45 | 000,105,392 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/11/29 04:50:11 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/11/06 10:32:14 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/08/27 05:10:14 | 000,000,008 | ---- | C] () -- C:\Windows\d392.sys [2011/06/14 17:00:45 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011/06/14 17:00:45 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011/06/14 17:00:45 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011/06/14 17:00:45 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011/06/14 17:00:45 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011/06/14 17:00:45 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011/06/14 17:00:45 | 000,013,280 | ---- | C] () -- 
C:\Windows\SysWow64\EPPICPattern2.dat [2011/06/14 17:00:45 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011/06/14 17:00:45 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011/06/14 17:00:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011/06/14 17:00:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011/06/14 17:00:45 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011/06/14 17:00:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011/06/14 17:00:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011/06/14 17:00:45 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011/06/14 17:00:45 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011/06/14 17:00:05 | 000,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini [2011/03/31 23:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011/03/31 23:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011/03/31 23:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011/02/28 01:10:37 | 000,000,874 | ---- | C] () -- C:\Users\Kouu\.recently-used.xbel [2011/02/26 17:42:10 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/02/26 17:42:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010/08/15 23:33:55 | 000,000,092 | ---- | C] () -- C:\Users\Kouu\AppData\Local\fusioncache.dat [2010/05/16 01:40:15 | 000,000,016 | ---- | C] () -- C:\Users\Kouu\AppData\Roaming\grwqhp.dat [2010/05/03 16:18:34 | 000,000,680 | ---- | C] () -- C:\Users\Kouu\AppData\Local\d3d9caps.dat [2010/04/19 14:52:23 | 000,011,056 | -HS- | C] () -- C:\Users\Kouu\AppData\Local\74K2YC [2010/04/19 14:52:23 | 000,011,056 | -HS- | C] () -- C:\ProgramData\74K2YC [2010/02/24 12:52:52 | 000,230,400 | ---- | C] () -- 
C:\Users\Kouu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/22 04:56:29 | 000,001,460 | ---- | C] () -- C:\Users\Kouu\AppData\Local\d3d9caps64.dat ========== LOP Check ========== [2010/08/30 15:11:53 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\.minecraft [2011/08/27 04:56:33 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\avidemux [2010/06/04 01:34:58 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\BSW [2011/02/20 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\Camfrog [2010/04/03 05:36:43 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\Coby [2010/04/03 05:44:42 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\Coby Media Manager [2012/04/19 17:36:09 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010/02/25 13:03:17 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\DAEMON Tools Lite [2011/04/27 20:32:23 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\DarksporeData [2010/06/29 22:15:28 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\DemoCreator [2012/08/25 11:53:33 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\DMCache [2012/08/25 09:03:03 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\EMCO [2011/10/29 15:25:02 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\go [2010/09/28 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\gtk-2.0 [2010/11/27 18:28:55 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\Hothead Games [2011/06/30 00:10:35 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\IDM [2010/04/20 16:59:53 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\ImgBurn [2011/02/18 14:20:17 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\Leadertech [2012/08/25 09:10:51 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\LockHunter [2010/08/21 14:05:45 | 000,000,000 | ---D | M] -- 
C:\Users\Kouu\AppData\Roaming\LolClient [2011/02/18 21:23:00 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\ManyCam [2010/03/08 14:52:14 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\MSNInstaller [2012/08/12 21:21:47 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\Mumble [2010/06/10 22:56:16 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\NeopleLauncherDFO [2011/02/18 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\ooVoo Details [2012/02/16 07:29:13 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\Origin [2011/03/29 22:27:18 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\PunkBuster [2010/10/25 12:02:48 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\RayV [2010/09/01 11:15:29 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\SystemRequirementsLab [2011/04/13 13:06:32 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\The Creative Assembly [2011/05/01 04:17:20 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\TS3Client [2010/08/15 23:35:20 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\Turbine [2012/08/25 01:25:49 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\uTorrent [2012/08/14 20:45:52 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\WinAVI [2012/02/29 21:42:16 | 000,000,000 | ---D | M] -- C:\Users\Kouu\AppData\Roaming\Wizards of the Coast [2012/08/25 11:49:59 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/08/25 04:10:03 | 000,000,456 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{900068B2-8D1B-48C0-93F6-6B8AB090780F}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613 < End of report >
  17. I have been infected with Babylon, which takes over as the search engine and defaults to Babylon when I open a new tab. I'm using IE8 and I'm not the most computer literate person in town!
  18. Hello~ I've recently been getting a random advertisement / music playing in the background coming from absolutely nothing. I've tried restarting numerous times, and even restored to an earlier point in time 3 times lol. It proved no help and continued to make the random audio. I suspected it to be a virus/malware, so I ran numerous tests with Spybot, Malwarebytes, CCleaner and many more. I've also detected a Babylon and managed to partially get rid of it. (Not quite sure if it's fully removed, because it is still in Firefox about:config and some files continue to come back even after countless resets. And on IE I was able to disable Babylon from the search providers, but was unable to delete it.) I'm not quite sure if Babylon has anything to do with this =/ , but if you could please help me get to the bottom of this, it'd really help a lot~ As you may already know, I don't know too much about computers =/ so step by step directions would be greatly appreciated. Thank you~ Also, System Recovery is not responding and will not load for some reason =/
  19. I just today got Malwarebytes; from everything I had read, it was the best antiviral system out there. Now my browser has been hijacked by Babylon, which was not a problem until I downloaded your system. This hijack came from your website. I am not a programmer or engineer, and now I will have to pay to have this removed.
  20. Hi everyone. I recently downloaded a sketchy torrent, and along with that torrent came a file called "Online Media File" or something. Instead of what I wanted to download, it downloaded something like "Free ride games" and "Fun moods" and "Giant savings". I really didn't want these files, but along came the browser called "babylon". This is the part I hate most. Every time I access Google Chrome (my main browser), it goes up as Babylon. I think I've deleted all the other malicious games, but Babylon is still there. I'm not sure if System Restore will do the trick, and I've tried almost EVERY tactic there is on forums. None worked. So I'm counting on the experts and geniuses of Malwarebytes to solve this problem to the best of their abilities. Also, I'm really not that good with computer terms, so I need a patient guide who will bear with me. I really appreciate whoever can help me, especially those who've had this problem. Best of luck to both of us. -Regards, Terry.
  21. Infected with Babylon. I use IE8 and Google Chrome on XP. Both are infected with Babylon. No actions taken other than backup; ran Malwarebytes and the tool to generate the attachments included. Thanks. attach.txt dds.txt
  22. Hi guys, first, please excuse my English, I'm not a native speaker. OK, now what's the problem? The problem is http://isearch.babylon.com. Every time I put some word or phrase in the upper search task, in place of Google, isearch.babylon is going to search. I've already tried a lot: Spybot Search & Destroy, Unlocker, registry cleaning of all "Babylon" stuff, my home directory in Firefox etc. Nothing works. I have Firefox 9.01 and Windows 7 64 bit. Maybe anybody would be able to help me to get rid of that Babylon search tool? In the attachment you'll find a picture.... Greetings Jonathan