Jump to content

Infected with exploit.drop.9


Recommended Posts

I ran Malwarebytes and found that my computer was infected with exploit.drop.9. The virus was quarantined but I am still having issues. I can't get anything to open. Here is the log from where I ran Malwarebytes before the virus was quarantined:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.30.12

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)

Internet Explorer 9.0.8112.16421

Rachel :: BABYSADDICTION [administrator]

12/22/2012 7:40:29 PM

mbam-log-2012-12-22 (19-40-29).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216661

Time elapsed: 16 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Rachel\AppData\Local\Temp\0.7497468433388725 (Exploit.Drop.9) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Can you run DDS and post the logs?

Download and save DDS to your Desktop from either of the following links:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

Double click DDS to run the scan, Vista or Windows 7 user accept UAC alert.

There will be an alert that two logs will be saved to the Desktop, DDS.txt and Attach.txt

Copy and paste those two logs to your reply when the scan is complete....

Link to post
Share on other sites

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 4/7/2011 10:26:10 PM

System Uptime: 12/23/2012 11:04:40 AM (1 hours ago)

.

Motherboard: Dell Inc. | | Emerald Lake

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU | 2292/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 381.114 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart D110 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0000

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\*ISATAP\0000

Service: tunnel

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

7-Zip 9.20 (x64 edition)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4) MUI

Advanced Audio FX Engine

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Babylon toolbar

Bing Bar

Bing Rewards Client Installer

Bonjour

BufferChm

CCleaner

Consumer In-Home Service Agreement

Coupon Printer for Windows

Cozi

CPAexcel V7 (remove only)

D110

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Edoc Viewer

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell Marketplace Webslice IE8

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell Support Center

Dell Touchpad

Dell VideoStage

Dell Webcam Central

Destinations

DeviceDiscovery

DirectX 9 Runtime

eBay

Google Chrome

Google Update Helper

GPBaseService2

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Customer Participation Program 14.0

HP Imaging Device Functions 14.0

HP Photo Creations

HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPAppStudio

HPPhotoGadget

HPProductAssistant

HPSSupply

HTC Driver Installer

iCloud

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless Software for Bluetooth® Technology

Intel® PROSet/Wireless WiFi Software

Intel® Turbo Boost Technology Monitor 2.0

Intel® Wireless Display

Internet Explorer

iTunes

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

Malwarebytes Anti-Malware version 1.65.1.1000

MarketResearch

McAfee Internet Security

McAfee Online Backup

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Office XP Professional

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

MyFreeCodec

Network64

NirSoft BlueScreenView

PhotoShowExpress

PS_AIO_07_D110_SW_Min

QuickBooks

QuickBooks Pro 2012

Quickset64

QuickTime

QuickTransfer

RBVirtualFolder64Inst

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Safari

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Shared C Run-time for x64

Shop for HP Supplies

Skype Toolbars

Skype™ 5.10

SmartWebPrinting

SolutionCenter

Sonic CinePlayer Decoder Pack

Status

Toolbox

TrayApp

TrustedID

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

WebReg

Wiley CPA Exam Review Test Bank CD - Desktop

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

12/23/2012 11:42:23 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/23/2012 11:20:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

12/23/2012 11:20:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

12/23/2012 11:12:02 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/23/2012 11:11:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/23/2012 11:11:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

12/23/2012 11:11:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/23/2012 11:11:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/23/2012 11:09:49 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

12/23/2012 11:09:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/23/2012 11:07:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

12/23/2012 11:07:30 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

12/23/2012 11:07:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MOBKFilter spldr Wanarpv6

12/23/2012 11:07:10 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

12/23/2012 10:49:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.

12/23/2012 10:49:47 AM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/23/2012 10:48:29 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

12/23/2012 10:48:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

12/23/2012 10:46:24 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

12/23/2012 10:43:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

12/23/2012 10:42:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit QuickBooks FCS service to connect.

12/23/2012 10:42:47 AM, Error: Service Control Manager [7000] - The Intuit QuickBooks FCS service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/23/2012 10:42:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service QBFCService with arguments "" in order to run the server: {E2F551B5-D7E4-351C-A975-2E8EEE4D1917}

12/23/2012 10:41:15 AM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.

12/23/2012 10:27:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

12/23/2012 10:27:24 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/23/2012 10:27:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/23/2012 10:24:26 AM, Error: Service Control Manager [7022] - The McAfee Services service hung on starting.

12/23/2012 10:21:50 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

12/23/2012 10:18:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

12/23/2012 10:17:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

12/23/2012 10:17:37 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/23/2012 10:15:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

12/23/2012 10:15:40 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

12/23/2012 10:15:40 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

12/23/2012 10:15:40 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.

12/23/2012 10:15:40 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.

12/23/2012 10:15:40 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

12/23/2012 10:15:40 AM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/23/2012 10:15:09 AM, Error: Service Control Manager [7022] - The McAfee Validation Trust Protection Service service hung on starting.

12/23/2012 10:15:06 AM, Error: Service Control Manager [7022] - The IKE and AuthIP IPsec Keying Modules service hung on starting.

12/23/2012 10:14:12 AM, Error: Service Control Manager [7022] - The Function Discovery Resource Publication service hung on starting.

12/23/2012 10:12:40 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

12/23/2012 10:12:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.

12/23/2012 10:12:32 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/23/2012 10:11:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

12/23/2012 10:11:43 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/23/2012 10:10:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.

12/23/2012 10:08:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

12/23/2012 10:08:33 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/22/2012 9:43:21 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

12/22/2012 9:35:00 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

12/22/2012 9:27:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the RoxMediaDB12OEM service to connect.

12/22/2012 9:27:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service RoxMediaDB12OEM with arguments "" in order to run the server: {C987B219-2F0A-466A-BC70-8D64E43BD5A7}

12/22/2012 8:38:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

12/22/2012 8:37:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

12/22/2012 8:37:45 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/22/2012 8:36:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

12/22/2012 8:36:41 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/22/2012 8:24:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee McShield service to connect.

12/22/2012 8:24:03 PM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/22/2012 8:23:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBIDPService service to connect.

12/22/2012 8:21:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.

12/22/2012 8:05:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

12/22/2012 7:34:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/22/2012 7:34:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/22/2012 7:31:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk MOBKFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

12/22/2012 7:30:46 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

12/22/2012 7:30:46 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/22/2012 7:30:45 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/22/2012 7:11:56 PM, Error: Service Control Manager [7022] - The McAfee McShield service hung on starting.

12/22/2012 6:46:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

12/22/2012 6:43:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

12/22/2012 6:06:39 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.

12/22/2012 6:06:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

12/22/2012 6:04:53 PM, Error: Service Control Manager [7022] - The SSDP Discovery service hung on starting.

12/22/2012 6:01:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.

12/22/2012 6:01:30 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/22/2012 5:58:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Online Backup service to connect.

12/22/2012 5:58:57 PM, Error: Service Control Manager [7000] - The McAfee Online Backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/22/2012 5:57:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.

12/22/2012 5:57:17 PM, Error: Service Control Manager [7000] - The BBUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/22/2012 5:57:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BBUpdate with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

12/22/2012 5:55:58 PM, Error: Service Control Manager [7022] - The McAfee VirusScan Announcer service hung on starting.

12/22/2012 5:55:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bluetooth Media Service service to connect.

12/22/2012 5:55:15 PM, Error: Service Control Manager [7000] - The Bluetooth Media Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/22/2012 5:55:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Bluetooth Media Service with arguments "" in order to run the server: {9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}

12/22/2012 5:54:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bluetooth OBEX Service service to connect.

12/22/2012 5:54:24 PM, Error: Service Control Manager [7000] - The Bluetooth OBEX Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/22/2012 5:54:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Bluetooth OBEX Service with arguments "" in order to run the server: {E9E0D51D-F407-4D91-B294-C111F721A3AF}

12/22/2012 5:53:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

12/22/2012 5:42:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.

12/22/2012 5:42:17 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/22/2012 5:41:38 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 87

12/22/2012 11:26:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NOBU service.

12/22/2012 11:25:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MSK80Service service.

12/22/2012 11:25:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfevtp service.

12/22/2012 11:24:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McProxy service.

12/22/2012 11:24:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNASvc service.

12/22/2012 10:04:59 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

12/20/2012 5:11:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

12/20/2012 5:10:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

12/20/2012 5:10:34 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/20/2012 5:08:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

12/16/2012 12:58:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.

12/16/2012 12:58:30 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/16/2012 10:20:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

12/16/2012 10:20:22 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/16/2012 10:20:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

12/16/2012 1:04:32 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

12/16/2012 1:00:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16457

Run by Rachel at 12:13:23 on 2012-12-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.5102 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\mfevtps.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\dinotify.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=117023&tt=4512_2&babsrc=HP_ss&mntrId=b8457168000000000000bc77370d9bfd

uProxyOverride = <local>;*.local

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [lxdimon.exe] "C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdimon.exe"

mRun: [lxdiamon] "C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: NameServer = 208.180.42.68 208.180.42.100

TCP: Interfaces\{C173DD0D-F1DB-406D-9FCF-CC78B97E933B} : DHCPNameServer = 208.180.42.68 208.180.42.100

TCP: Interfaces\{C173DD0D-F1DB-406D-9FCF-CC78B97E933B}\14C4943454 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C173DD0D-F1DB-406D-9FCF-CC78B97E933B}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{C173DD0D-F1DB-406D-9FCF-CC78B97E933B}\755637477796E646 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C173DD0D-F1DB-406D-9FCF-CC78B97E933B}\C696E6B6379737 : DHCPNameServer = 208.180.42.68 208.180.42.100

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>

x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>

x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\jkygx7y1.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=117023&tt=4512_2&babsrc=HP_ss&mntrId=b8457168000000000000bc77370d9bfd

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=117023&tt=4512_2&babsrc=KW_ss&mntrId=b8457168000000000000bc77370d9bfd&q=

FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - ExtSQL: !HIDDEN! 2011-04-09 18:53; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b8457168000000000000bc77370d9bfd&q=

FF - user.js: extensions.BabylonToolbar.id - b8457168000000000000bc77370d9bfd

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15652

FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8

FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.813:30:25

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-4-9 771096]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-4-28 339776]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-20 55856]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-11-15 201304]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-4-28 218320]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-4-9 177680]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-4-28 69672]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-4-28 515528]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-3-20 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-3-20 181248]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2012-4-28 66040]

S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-20 98208]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-11-15 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-11-15 201304]

S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-11-15 201304]

S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-4-28 241016]

S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]

S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]

S2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-20 1692480]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-20 2656280]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]

S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-12-14 58128]

S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-3-20 175168]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-9-28 196440]

S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]

S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-20 158976]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-20 317440]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-4-28 309400]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-4-28 106112]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S3 OV550I;Film and Photo Scanner;C:\Windows\System32\drivers\OVTX16.sys [2010-6-4 139520]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-20 250984]

S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-9 1255736]

S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-12-14 13:39:45 466944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

2012-12-14 13:39:43 -------- d-----w- C:\Users\Rachel\AppData\Roaming\Catalina Marketing Corp

2012-12-14 13:39:39 489712 ----a-w- C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe

2012-12-14 02:01:37 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-12-14 02:01:36 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-12-14 02:01:33 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-12-14 02:01:13 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-14 02:01:13 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-14 01:59:59 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-12-07 02:52:45 -------- d-----w- C:\Users\Rachel\AppData\Roaming\System

.

==================== Find3M ====================

.

2012-12-14 12:28:27 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-14 12:28:27 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 11:40:24 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2012-11-09 11:37:42 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2012-11-09 11:37:30 177680 ----a-w- C:\Windows\System32\mfevtps.exe

2012-11-09 11:36:40 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2012-11-09 11:36:30 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2012-11-09 11:35:50 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2012-11-09 11:34:58 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2012-11-09 11:34:18 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2012-11-09 11:33:58 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

.

============= FINISH: 12:16:01.05 ===============

Link to post
Share on other sites

Run the following:

download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Please post the log.

Next,

download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save Direct to your Desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • 1. Wait until Prescan has finished...
  • The following EULA will appear, please select accept
    RKLicence.png
  • 2. Ensure MBR scan, Check faked and AntiRootkit are checked
  • 3. Select Scan
    RK1A.png
  • When the scan completes select Report, copy and paste that to your reply.

RK2A.png

Post both logs....

Link to post
Share on other sites

# AdwCleaner v2.101 - Logfile created 12/23/2012 at 13:19:58

# Updated 16/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Rachel - BABYSADDICTION

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Rachel\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Users\Public\Desktop\eBay.lnk

Folder Deleted : C:\Program Files (x86)\BabylonToolbar

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Users\Rachel\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=117023&tt=4512_2&babsrc=HP_ss&mntrId=b8457168000000000000bc77370d9bfd --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\jkygx7y1.default\prefs.js

C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\jkygx7y1.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=117023&tt=4512_2&babsrc=NT_ss&mntr[...]

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=117023&tt=4512_2&babsrc=HP_s[...]

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "b8457168000000000000bc77370d9bfd");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15652");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=117023&tt=4512_[...]

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.813:30:25");

Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=117023&tt=4512_2&babsrc=KW_ss&mntrId=b845[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2] : urls_to_restore_on_startup ="session": { "restore_on_startup": 4, [ "hxxp://search.babylon.com/[...]

Deleted [l.658] : homepage = "hxxp://search.babylon.com/?affID=117023&tt=4512_2&babsrc=HP_ss&mntrId=b8457168000000[...]

*************************

AdwCleaner[s1].txt - [9999 octets] - [23/12/2012 13:20:03]

########## EOF - C:\AdwCleaner[s1].txt - [10059 octets] ##########

Link to post
Share on other sites

RogueKiller V8.4.0 [Dec 20 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : Rachel [Admin rights]

Mode : Scan -- Date : 12/23/2012 14:02:55

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++

--- User ---

[MBR] dd6967e897e9549401c89a8d9f38da4a

[bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461837 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12232012_02d1402.txt >>

RKreport[1]_S_12232012_02d1402.txt

Link to post
Share on other sites

Ok run the following from Safe mode with NW...

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update

Image3.png

8. When the Update completes, select Next

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

MBAntiRKclean.png

11. Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:

MBAntiRKclean1.png

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

Image6.png

13. Select "Exit" to close down.

14. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log Date and time of scan will also be shown

Image10.png

Post those two logs in your reply.

Link to post
Share on other sites

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2012.12.23.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Rachel :: BABYSADDICTION [administrator]

12/23/2012 5:46:43 PM

mbar-log-2012-12-23 (17-46-43).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 30850

Time elapsed: 1 hour(s), 39 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_29

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.292000 GHz

Memory total: 6352453632, free: 5408722944

------------ Kernel report ------------

12/23/2012 16:06:08

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\mfehidk.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\mfewfpk.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\NETwNs64.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\Apfiltr.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\mfefirek.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\framebuf.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\drivers\cfwids.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8006e41060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80061be050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.12.23.07

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8006e41060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006e41b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006e41060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80061be050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xfffff8a0043366e0, 0xfffffa8006e41060, 0xfffffa80061ab790

Lower DeviceData: 0xfffff8a004ad4a00, 0xfffffa80061be050, 0xfffffa8006164e40

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 7F2837E

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 208782

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 208845 Numsec = 30720000

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 30928845 Numsec = 945842275

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

Done!

Performing system, memory and registry scan...

Read File: File "C:\ProgramData\{611D9D8E-A1CE-4538-B861-3BEAC1A580E1}\(Desktop 2011) Wiley_CPA_Setup.dat" is compressed (flags = 1)

Read File: File "C:\ProgramData\{611D9D8E-A1CE-4538-B861-3BEAC1A580E1}\instance.dat" is compressed (flags = 1)

Done!

Scan finished

=======================================

Link to post
Share on other sites

MBAR is not showing anything obvious, OK we try the following:

Download Farbar Recovery Scan Tool on a clean PC (if possible) and save to a flash drive (memory stick). Use which ever of the folllowing is applicable to your system. (32 or 64 bit)

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ <--- 64 bit version Save to USB flash drive

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ <--- 32 bit version Save to USB Flash drive

Plug the flashdrive into the infected PC.

Enter System Recovery Options I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.