Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

babylon-tool


Post by Phileas » May 5th, 2011, 3:55 am

Hi there,

can I ask you for some help? I have - don't know how - downloaded the babylon search tool, which seems to be a very unpleasant thing for many Internet users like me, according to the many threads and questions I have found about it on the net. I deleted some obvious parts of this malware in my registry, but it has not been removed fully: when I open my IE, a special babylon site is always loaded automatically. Changes in the administration of add-ons didn't help. Can you find something in my logs?
Thanks a lot!!


Phil


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Philipp at 9:43:21,02 on 05.05.2011
Internet Explorer: 8.0.6001.19048
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.41.1031.18.2971.1009 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
c:\Program Files\Fingerprint Sensor\AtService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\conime.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Users\Philipp\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
uStart Page = https://webmail.uzh.ch/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Softonic Deutsch FF Toolbar: {9d81af43-de53-48d0-a199-42c2a226b24c} - c:\program files\softonic_deutsch_ff\tbSoft.dll
mURLSearchHooks: Softonic Deutsch FF Toolbar: {9d81af43-de53-48d0-a199-42c2a226b24c} - c:\program files\softonic_deutsch_ff\tbSoft.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Softonic Deutsch FF Toolbar: {9d81af43-de53-48d0-a199-42c2a226b24c} - c:\program files\softonic_deutsch_ff\tbSoft.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Softonic Deutsch FF Toolbar: {9d81af43-de53-48d0-a199-42c2a226b24c} - c:\program files\softonic_deutsch_ff\tbSoft.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarTlbr.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BabylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
StartupFolder: c:\users\philipp\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\philipp\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &AOL Toolbar-Suche - c:\programdata\aol\ietoolbar\resources\de-ch\local\search.html
IE: An OneNote s&enden - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://idlmail08.lotus.uzh.ch/dwa85W.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: APSHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli ASWLNPkg
.
============= SERVICES / DRIVERS ===============
.
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-6-6 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-6-6 12928]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-6-6 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2010-10-13 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-13 269480]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-16 1176824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-13 61960]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-10 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-6-6 256512]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-8 24936]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-10-11 2058776]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-5-15 475520]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-21 193840]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-3-27 224384]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2006-12-20 47616]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-15 38224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-16 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-16 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-05 06:22:55 -------- d-----w- c:\users\philipp\appdata\local\{47544549-B458-4BCD-8DD6-89214304D5CF}
2011-05-04 18:22:01 -------- d-----w- c:\users\philipp\appdata\local\{2DD8E86C-0DDF-4F61-A6FA-5694D9F003D5}
2011-05-04 06:21:20 -------- d-----w- c:\users\philipp\appdata\local\{8F5A314E-2FF2-41AB-9A9F-14F8CA6F37A0}
2011-05-03 07:06:40 -------- d-----w- c:\users\philipp\appdata\local\{2BDD7B91-384E-443D-9752-8A871E420EF6}
2011-05-02 20:04:18 -------- d-----w- c:\program files\Basement Softworks
2011-05-02 19:43:32 -------- d-----w- c:\users\philipp\appdata\roaming\VUPlayer
2011-05-02 19:35:13 -------- d-----w- c:\program files\VUPlayer
2011-05-02 19:05:40 -------- d-----w- c:\users\philipp\appdata\local\{69EBFB71-93D8-4243-8F17-7D00231D65F4}
2011-05-02 07:01:43 -------- d-----w- c:\users\philipp\appdata\local\{B945BF65-3582-480D-92A0-40662E29B868}
2011-05-01 06:57:37 -------- d-----w- c:\users\philipp\appdata\local\{B4AA351B-457A-4521-818B-12983D2A43E5}
2011-04-29 05:32:11 -------- d-----w- c:\users\philipp\appdata\local\{4BE38730-5B12-496F-8721-F662F047A3C4}
2011-04-28 06:58:12 -------- d-----w- c:\users\philipp\appdata\local\{6C67ED5E-5C93-417E-AD86-07E62C3E6CAF}
2011-04-28 06:06:29 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 06:06:28 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 06:06:20 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 06:54:10 -------- d-----w- c:\users\philipp\appdata\local\{C9405EF2-960B-4343-8D1D-B7DA7574ADA4}
2011-04-26 05:54:14 -------- d-----w- c:\users\philipp\appdata\local\{691724A9-46B6-4AA1-A44A-EE3E8603529B}
2011-04-25 20:58:10 -------- d-----w- c:\users\philipp\appdata\local\{F94D741F-2F80-40B4-AB23-42E11869704A}
2011-04-25 08:17:36 -------- d-----w- c:\users\philipp\appdata\local\{167B242C-DA53-415D-B6F1-CA633D4691E1}
2011-04-23 12:08:54 -------- d-----w- c:\users\philipp\appdata\local\{718228F7-EBD4-42F5-B0F1-4DCE60EFE18C}
2011-04-22 06:18:12 -------- d-----w- c:\users\philipp\appdata\local\{7B47CB0D-C644-428B-B57E-212CF8364C37}
2011-04-21 10:04:46 -------- d-----w- c:\users\philipp\appdata\local\{BAA79C2A-FD8D-4506-82B2-3339DC27F777}
2011-04-21 04:58:27 -------- d-----w- c:\users\philipp\appdata\local\{484277F2-6E4F-4F93-BE7A-CEE60B507FF5}
2011-04-20 08:14:07 -------- d-----w- c:\users\philipp\appdata\local\{F7EA49DC-FEB3-445E-9E3E-6512DEBA421F}
2011-04-19 18:48:21 -------- d-----w- c:\users\philipp\appdata\local\{17372850-9965-4BB0-BF00-C3A55ED83CA9}
2011-04-19 16:19:58 -------- d-----w- c:\program files\Conduit
2011-04-19 16:19:53 -------- d-----w- c:\program files\ConduitEngine
2011-04-19 16:19:47 -------- d-----w- c:\program files\Softonic_Deutsch_FF
2011-04-19 16:18:58 -------- d-----w- c:\program files\FreeTime
2011-04-19 06:47:28 -------- d-----w- c:\users\philipp\appdata\local\{467E03FE-8C8C-42D6-95BC-DA5524BB3688}
2011-04-18 18:46:34 -------- d-----w- c:\users\philipp\appdata\local\{EFC00515-A64B-48A4-94DA-7C248996D634}
2011-04-18 15:44:20 -------- d-----r- c:\users\philipp\Dropbox
2011-04-18 15:40:11 -------- d-----w- c:\users\philipp\appdata\roaming\Dropbox
2011-04-18 06:45:52 -------- d-----w- c:\users\philipp\appdata\local\{51368706-8C34-4A13-9173-B962EEAEAC2D}
2011-04-18 06:05:07 -------- d-----w- c:\users\philipp\appdata\local\{A4853A6A-B741-4572-B3F2-4491191E319A}
2011-04-17 17:46:25 -------- d-----w- c:\users\philipp\appdata\local\{E9B8A4E4-036D-4516-BA4E-D33CB829AE6E}
2011-04-17 05:45:32 -------- d-----w- c:\users\philipp\appdata\local\{AE4B7CD4-3F2A-4ED3-BFC3-3A355DF80F92}
2011-04-16 18:31:11 -------- d-----w- c:\users\philipp\appdata\local\Google
2011-04-16 17:44:34 -------- d-----w- c:\users\philipp\appdata\local\{857F4AFA-4F3B-4B08-8DE7-37E77FC2AFD1}
2011-04-16 06:48:19 -------- d-----w- c:\program files\ESET
2011-04-16 05:43:38 -------- d-----w- c:\users\philipp\appdata\local\{2F425E78-6E4A-4DC1-ABCC-22C97186CA04}
2011-04-15 17:29:58 -------- d-----w- c:\users\philipp\appdata\local\{157643B3-B702-4C66-B789-5C0D20CE54AF}
2011-04-15 11:54:34 -------- d-----w- c:\users\philipp\appdata\roaming\Malwarebytes
2011-04-15 11:54:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-15 11:54:22 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-15 11:54:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-15 11:54:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-15 11:48:34 -------- d-----w- c:\windows\system32\appmgmt
2011-04-15 05:49:47 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 05:49:46 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 05:49:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 05:49:45 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 05:47:54 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 05:47:53 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 05:47:34 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 05:47:34 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 05:47:34 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 05:46:23 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 05:45:53 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 05:45:25 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 05:44:54 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-15 05:44:23 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 05:29:05 -------- d-----w- c:\users\philipp\appdata\local\{C5893BC2-97B8-4E37-A257-5CC5AA8C6723}
2011-04-14 16:50:02 -------- d-----w- c:\users\philipp\appdata\local\{50E88A48-374B-470D-894D-0F62C17008CD}
2011-04-13 07:21:46 -------- d-----w- c:\users\philipp\appdata\local\{FC5B780D-B553-4A6F-B29B-3D5F0A3419DA}
2011-04-12 18:06:08 -------- d-----w- c:\users\philipp\appdata\local\{913323F5-165E-411E-8AA9-9FB9B8D2FBFB}
2011-04-12 06:05:27 -------- d-----w- c:\users\philipp\appdata\local\{D7F9417C-DB89-4A50-8454-7F71880A6DB2}
2011-04-11 18:04:29 -------- d-----w- c:\users\philipp\appdata\local\{C22DED24-3565-43A4-9C5D-17E75C806F28}
2011-04-11 06:03:43 -------- d-----w- c:\users\philipp\appdata\local\{A2E89A8F-DBC2-4C4E-B4FD-2064100E6D45}
2011-04-10 10:20:54 -------- d-----w- c:\users\philipp\appdata\local\{F3DDA1BA-7E6B-4F56-8F1B-CEDB24588BE0}
2011-04-09 22:19:58 -------- d-----w- c:\users\philipp\appdata\local\{6A8D8B09-F78B-4272-8991-169AFACA7893}
2011-04-09 04:37:45 -------- d-----w- c:\users\philipp\appdata\local\{51EAA2C8-38C0-48AC-AFD6-2F43C199C229}
2011-04-08 04:36:00 -------- d-----w- c:\users\philipp\appdata\local\{07A081DC-E858-4F55-86F1-FD805D490715}
2011-04-07 16:30:28 -------- d-----w- c:\users\philipp\appdata\local\{874ABAE4-5AD9-42A3-ACC2-941E182E4870}
2011-04-07 04:29:47 -------- d-----w- c:\users\philipp\appdata\local\{E2245E91-D8CE-4171-9A80-4B807F9FDEFB}
2011-04-06 09:29:15 -------- d-----w- c:\users\philipp\appdata\local\{B8DC3EF3-6BB7-477C-A635-A54D3DBCFB53}
2011-04-05 20:32:15 -------- d-----w- c:\users\philipp\appdata\local\{5DDE32D8-8DD5-46FA-B40E-5A8D611D6F96}
.
==================== Find3M ====================
.
2011-04-04 19:10:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 9:46:28,93 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 11.10.2010 23:37:22
System Uptime: 05.05.2011 08:51:13 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30DB
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Intel(R) Genuine processor | 800/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 61,597 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1,344 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 1 GiB total, 0,972 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
7-Zip 4.65
ActivClient 6.1 x86
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1) - Deutsch
Agere Systems HDA Modem
AOL Toolbar 5.0
AudioCon
AuthenTec Fingerprint System
Avira AntiVir Personal - Free Antivirus
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon iP4800 series Benutzerregistrierung
Canon iP4800 series Printer Driver
Canon My Printer
Canon Solution Menu EX
capella 7
CD-LabelPrint
Conduit Engine
Credential Manager for HP ProtectTools
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
DivX-Setup
Drive Encryption for HP ProtectTools
Dropbox
ESET Online Scanner v3
ESU for Microsoft Vista SP1
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP 3D DriveGuard
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP JavaCard for HP ProtectTools
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP Quick Launch Buttons 6.40 E1
HP QuickLook 2
HP Software Setup 5.00.A.7
HP Update
HP User Guides 0098
HP Wallpaper
HP Webcam
HP Webcam Application
HP Wireless Assistant
HPNetworkAssistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel® Active-Management-Technologie
Intel® Matrix Storage Manager
IrfanView (remove only)
Java(TM) 6 Update 24
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Office Access MUI (German) 2010
Microsoft Office Communicator 2007
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 2003-Setup-Start
Microsoft Works 7.0
Microsoft Works Suite-Add-Ins für Microsoft Word
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDFCreator
Presto! BizCard 5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Segoe UI
Softonic Deutsch FF Toolbar
SoundMAX
Synaptics Pointing Device Driver
Update für Microsoft Outlook Social Connector (KB2441641)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
VC80CRTRedist - 8.0.50727.4053
Vista Default Settings
VLC media player 1.1.4
VUPlayer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Works Suite-Betriebssystem-Pack
.
==== End Of File ===========================
Phileas
Active Member
 
Posts: 11
Joined: April 14th, 2011, 11:39 am
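The DDS "Pseudo HJT Report" above is what the helpers read to spot persistence: BHO, TB, URLSearchHooks and Run entries name the DLL or executable that loads into Internet Explorer or at logon. The triage script below is an added example, not part of DDS or of this forum's toolset; it parses those line types, flags entries that reference the toolbar names visible in this log (Babylon, Conduit, Softonic), flags a BHO whose CLSID is registered but whose file is gone ("No File"), and reports the `EnableLUA = 0` policy line. The sample lines are copied from the log in this thread; the watch-list and the function names are the example's own assumptions.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for unwanted persistence entries.

Hypothetical helper (not part of DDS). The SAMPLE_LOG below is constructed from
lines copied out of the DDS log posted in this thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Toolbar / bundler names that the thread identifies as unwanted. Assumption of
# this example; a real watch-list would be maintained separately.
WATCHLIST = ("babylon", "conduit", "softonic")

# DDS prefixes: u = per-user (HKCU), m = machine-wide (HKLM).
# BHO/TB/EB/URLSearchHooks lines: "<kind>: <name>: {CLSID} - <path>"  (name may be absent)
_CLSID_LINE = re.compile(
    r"^(?P<kind>[um]?(?:BHO|TB|EB|URLSearchHooks)):\s*"
    r"(?:(?P<name>.*?):\s*)?"
    r"(?P<clsid>\{[0-9a-fA-F-]{36}\})\s*-\s*(?P<path>.*)$"
)
# Run lines: "<kind>: [<value name>] <command line>"
_RUN_LINE = re.compile(r"^(?P<kind>[um]Run):\s*\[(?P<name>[^\]]+)\]\s*(?P<path>.*)$")
# Policy lines: "mPolicies-system: <key> = <value> (0x..)"
_POLICY_LINE = re.compile(r"^mPolicies-system:\s*(?P<key>\w+)\s*=\s*(?P<value>\d+)")


@dataclass
class Entry:
    kind: str
    name: str
    clsid: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_hjt_line(line: str) -> Optional[Entry]:
    """Return an Entry for a BHO/TB/EB/URLSearchHooks/Run line, else None."""
    line = line.strip()
    m = _CLSID_LINE.match(line)
    if m:
        return Entry(m["kind"], (m["name"] or "").strip(), m["clsid"].lower(), m["path"].strip())
    m = _RUN_LINE.match(line)
    if m:
        return Entry(m["kind"], m["name"].strip(), "", m["path"].strip())
    return None


def assess(entry: Entry) -> Entry:
    """Attach a reason for every rule the entry trips; an empty list means 'looks benign'."""
    haystack = f"{entry.name} {entry.path}".lower()
    for term in WATCHLIST:
        if term in haystack:
            entry.reasons.append(f"matches watch-list term '{term}'")
    if entry.path.lower() == "no file":
        # The CLSID is still registered but the DLL it points to is gone:
        # typical leftover of a half-removed add-on.
        entry.reasons.append("CLSID registered but DLL missing (No File)")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Return only the persistence entries that have at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry and assess(entry).reasons:
            flagged.append(entry)
    return flagged


def policy_findings(log_text: str) -> List[str]:
    """Report security-relevant machine policies; here only the UAC switch."""
    findings = []
    for line in log_text.splitlines():
        m = _POLICY_LINE.match(line.strip())
        if m and m["key"] == "EnableLUA" and m["value"] == "0":
            findings.append("EnableLUA = 0: User Account Control is disabled, so programs run by an "
                            "administrator account get full rights without any prompt")
    return findings


# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
uURLSearchHooks: Softonic Deutsch FF Toolbar: {9d81af43-de53-48d0-a199-42c2a226b24c} - c:\program files\softonic_deutsch_ff\tbSoft.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarTlbr.dll
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BabylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
mPolicies-system: EnableLUA = 0 (0x0)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:16} {e.name or e.clsid:30} -> {'; '.join(e.reasons)}")
    for f in policy_findings(SAMPLE_LOG):
        print("POLICY:", f)
```

The Adobe, Google and Avira entries pass through silently; the two Babylon entries, the Conduit BHO, the Softonic search hook and the orphaned BHO are reported with the rule each one tripped.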

Re: babylon-tool

Post by Scolabar » May 8th, 2011, 3:57 pm

Hi Phileas,

Firstly, welcome to the Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.

I am currently working under the guidance of the MRU teachers; everything I post to you will need to be reviewed by them.
This additional review process can add some extra time to my responses, but hopefully not too much.
;)

Please note the following important guidelines before proceeding:
  1. The instructions that will be provided are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
  3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
    Absence of symptoms does not necessarily mean that everything is clear.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Please Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.

If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: babylon-tool

Unread postby Scolabar » May 9th, 2011, 5:50 pm

Hi Phileas,

Thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Business Use Computer?

Entries in your DDS log lead me to believe that this computer may be being used for business purposes.
Please could you confirm if this is the case? If the computer is not used for business purposes please proceed with Step 2.

Step 2:
TFC

Please download TFC.exe by Old Timer. Save it to your Desktop.

Print these instructions. Save any unsaved work. TFC will close ALL open programs including your browser!

  1. Double-click on TFC.exe to run it.
    Vista - W7 users: Right-click on TFC.exe and select "Run As Administrator..." to launch the program. If you receive a UAC prompt, please allow it.
  2. TFC will now begin cleaning up the "temp" files.
    Note: This process may take only a few seconds or it could take several minutes, depending on the amount of temp files found.
  3. If prompted to reboot, click on the Yes button to confirm.

! IMPORTANT ! If TFC prompts you to reboot, please do so immediately, before proceeding with any other steps or other use of your computer.

Step 3:
MGA Diagnostics

  1. Please download this tool from Microsoft and Save it to your Desktop.
  2. Double-click on the MGADiag.exe icon to launch the program.
    Vista - W7 users: Right-click on MGADiag.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
    If you receive an Open File Security Warning click on the Run button.
  3. Click on the Continue button to proceed.
  4. The program will now run. It will take a short while to complete its diagnosis, please be patient.
  5. When it has finished click on the Copy button.
  6. Open Notepad by clicking Start > Run, type in Notepad then click OK.
  7. Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
  8. Click on the OK button to exit the MGA Diagnostics program.
  9. Then Copy and Paste the entire contents of mgadiag.txt into your next reply.

Step 4:
WVCheck

  1. Please download WVCheck and Save it to your Desktop.
  2. Double click WVCheck.exe, to run the process.
    Vista - W7 users: Right-click on WVCheck.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. Read the comments on the screen and then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is finished, a scan report named WVCheck_hhmm_dd-mm-yyyy.txt will automatically be saved to your Desktop and opened in Notepad.
  5. Please Copy and Paste the entire contents of WVCheck_hhmm_dd-mm-yyyy.txt into your next reply.

Step 5:
CKScanner

  1. Please download CKScanner and Save it to your Desktop.
    Make sure that CKScanner.exe is on your Desktop before running the application!
  2. Double-click on the CKScanner.exe icon to launch the program and then click on the Search For Files button.
    Vista - W7 users: Right-click on CKScanner.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. When the scan has finished (the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
    A text file will be created on your desktop named ckfiles.txt.
  4. Click on the Exit button to close the program.
  5. Double-click on the ckfiles.txt file to open it.
  6. Then Copy and Paste the entire contents of the file into your next reply.

Step 6:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. Please confirm whether or not this is a Business Use Computer.
  3. mgadiag.txt.
  4. WVCheck_hhmm_dd-mm-yyyy.txt.
  5. ckfiles.txt.
  6. Do you have the original Windows installation media for your PC?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Re: babylon-tool

Unread postby Phileas » May 12th, 2011, 9:25 am

Hello Scolabar,
thanks for your precise instructions. So I post to you as demanded:
1. There were no problems in executing your orders.
2. My laptop is definitely not a computer for business use.
3. mgadiag.txt:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-8C6BG-C9BT2-3XDRY
Windows Product Key Hash: oWta8ppfnmM4oKWopS821q1BPNs=
Windows Product ID: 89576-OEM-7332141-00039
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010100.2.0.006
ID: {1DE7BE7F-2E18-4BCA-9E07-A2BD4D66FD8D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows Vista (TM) Business
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1DE7BE7F-2E18-4BCA-9E07-A2BD4D66FD8D}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010100.2.0.006</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3XDRY</PKey><PID>89576-OEM-7332141-00039</PID><PIDType>2</PIDType><SID>S-1-5-21-285388904-2522916759-3500499248</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP EliteBook 6930p</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>68PCU Ver. F.12</Version><SMBIOSVersion major="2" minor="4"/><Date>20090731000000.000000+000</Date></BIOS><HWID>28323507018400F8</HWID><UserLCID>0407</UserLCID><SystemLCID>0407</SystemLCID><TimeZone>Mitteleuropäische Zeit(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Softwarelizenzierungsdienst-Version: 6.0.6002.18005
Name: Windows(TM) Vista, Business edition
Beschreibung: Windows Operating System - Vista, OEM_SLP channel
Aktivierungs-ID: fd3bcb98-5c55-4b2d-ae32-a4515e3c17a3
Anwendungs-ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Erweiterte PID: 89576-00146-321-400039-02-1031-6001.0000-2842010
Installations-ID: 012475090245909260892252213066842336485340886746501630
Prozessorzertifikat-URL: http://go.microsoft.com/fwlink/?LinkID=43473
Computerzertifikat-URL: http://go.microsoft.com/fwlink/?LinkID=43474
Lizenz-URL verwenden: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key-Zertifikat-URL: http://go.microsoft.com/fwlink/?LinkID=43475
Teil-Product Key: 3XDRY
Lizenzstatus: Lizenziert

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OAAAAAEABAABAAIAAQABAAAAAwABAAEAeqj6CTboaIX2sjR3xKUs2VBnnILy9DQcOHYumaxWRso=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM 30DB
FACP HPQOEM 30DB
HPET HPQOEM 30DB
MCFG HPQOEM 30DB
TCPA HPQOEM 30DB
SSDT HPQOEM SataAhci
SLIC HPQOEM SLIC-MPC
DMAR 
ASF! HPQOEM 30DB
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci


4. WVCheck:

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1515_12-05-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 2
Windows Mode: Normal
Systemroot Path: C:\windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-05-12 11:39:33
Last Success Time for Update Download: 2011-05-11 15:33:15
Last Success Time for Update Installation: 2011-05-11 21:20:09


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 75510147b94598407666f4802797c75a


-------- End of File, program close at 1515_12-05-2011 --------

5. ckfiles.txt
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----


6. I'm confident I would find somewhere in my flat the original Windows installation for my Computer.

Thanks as long as we get here!
I'm ready for your next instructions.

Greets
Phil
Phileas
Active Member
 
Posts: 11
Joined: April 14th, 2011, 11:39 am

Re: babylon-tool

Unread postby Scolabar » May 13th, 2011, 7:14 am

Hi Phileas,

Thank you again for your patience. :)

Please could you explain what this computer is used for? The reason I ask is that there is evidence in the logs of business class software running that would not ordinarily be expected to be running on a typical home use computer.
I refer you to the MRU's policy on who can and cannot expect to receive help at this forum.
Please let me know in your next reply.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Re: babylon-tool

Unread postby Phileas » May 14th, 2011, 3:06 am

Hi Scolabar,

I can assure you that I definitely do not use my computer for business things but for myself as a student (to write papers for university) and for my spare time. As I don't have any kind of business, I can't imagine what signs my computer gives that it seems to :-). This is my private computer at home and I'm the only person using it.

Re: babylon-tool

Unread postby Scolabar » May 14th, 2011, 8:13 am

Hi Phileas,

Thank you for the confirmation. :)

Please read the instructions below carefully before executing and perform the steps, in the order given, and before we proceed please make sure any open programs are closed.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem before going any further.

Step 1:
ERUNT - Emergency Recovery Utility NT

First we will try to back up the Registry with ERUNT:

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
ERUNT (Emergency Recovery Utility NT) by Lars Hederer is a free program that allows you to create a complete backup of your registry and restore it when needed.

  1. Please download ERUNT and save it to your Desktop.
    Note: VISTA users must right-click on erunt-setup-exe and select "Run As Administrator" to run the installation process.
  2. Double-click on erunt-setup-exe to run the installation process.
    Note: If the Open File - Security Warning window pops up, click on the Run button.
  3. Install ERUNT by following the prompts using the default installation settings.
  4. Make sure the first two check boxes Create ERUNT desktop icon and Create NTREGOPT desktop icon are checked.
  5. When you reach the section that asks you to add ERUNT to the Start-Up folder click on the No button. This can be enabled later, if required.
  6. In the final screen make sure the Show documentation option is unchecked. Then click on the Finish button.
  7. Click on the OK button in the Welcome! screen.
  8. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT\DD-MM-YYYY (where DD-MM-YYYY is the date of the backup) which is fine.
  9. Under Backup options make sure both of the first two options: System registry and Current user registry are checked.
  10. Click on the Yes button to allow the folder to be created.
    After a short duration the Registry backup is complete! pop-up message will appear.
  11. Now click on OK. A registry backup has now been created.

< STOP > If you are unable to complete this step successfully, < STOP > do not continue with any fix steps, let me know immediately in your next post!

Step 2:
TDSSKiller

Please download TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!

  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click on TDSSKiller.exe and select "Run As Administrator..." to launch the program. If you receive a UAC prompt, please allow it.
    If TDSSKiller does not run rename the program file. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the Scan results - Select action for found objects and offer 3 options.
    • Ensure Cure (default) is selected and then click Continue > Reboot now to finish the cleaning process.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  6. Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.

Step 3:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
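Step 2 above asks for the TDSSKiller log, which lists one line per loaded driver with the service name, the file's MD5 and its image path. As an added example (not part of this thread and not Kaspersky's own code), here is a small Python triage helper a reviewer could run over such a log offline once it has been posted: it parses the record lines, skips the banner and separator lines, and flags a driver whose image sits outside %SystemRoot%\system32 or its drivers folder, or whose hash differs from a reference value the reviewer trusts. The sample log and the reference-hash map are constructed for this example (the "exampledrv" record, its path and the altered atapi hash are invented; the other hashes and paths are copied from the log quoted later in this thread); a real review would source hashes for the exact Windows build from a trusted reference.

```python
import re
from dataclasses import dataclass

# One driver record per line, in the format TDSSKiller writes in this thread:
#   <timestamp> <pid> <service name> (<md5>) <image path>
# Banner, separator and "Scan started" lines do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<service>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+"
    r"(?P<path>.+?)\s*$"
)

# Images a reviewer expects under %SystemRoot%\system32 or its drivers folder.
# Anything elsewhere (a user profile, a temp folder) is worth a closer look.
EXPECTED_PATH_RE = re.compile(
    r"^[a-z]:\\windows\\system32\\(?:drivers\\)?[^\\]+\.sys$", re.IGNORECASE
)


@dataclass(frozen=True)
class DriverEntry:
    service: str
    md5: str
    path: str


def parse_line(line):
    """Return a DriverEntry for a driver record line, or None for any other line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return DriverEntry(m.group("service"), m.group("md5").lower(), m.group("path"))


def parse_log(text):
    """Parse a whole log; non-record lines are dropped silently."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries, reference_md5):
    """Return (service, reason) pairs for entries a reviewer should look at.

    reference_md5 maps a lower-cased service name to the MD5 the reviewer
    trusts for that driver; services absent from the map are not hash-checked.
    """
    findings = []
    for e in entries:
        if not EXPECTED_PATH_RE.match(e.path):
            findings.append((e.service, "unexpected location: " + e.path))
        expected = reference_md5.get(e.service.lower())
        if expected is not None and expected.lower() != e.md5:
            findings.append(
                (e.service, "md5 %s differs from reference %s" % (e.md5, expected.lower()))
            )
    return findings


# Constructed sample log. The ACPI, CLFS and atapi paths and the first two
# hashes are copied from the log quoted in this thread; the "exampledrv"
# record and the bogus atapi hash are invented to exercise both checks.
SAMPLE_LOG = r"""
2011/05/17 10:53:45.0238 7552 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/17 10:53:53.0309 7592 ================================================================================
2011/05/17 10:53:53.0309 7592 Scan started
2011/05/17 10:53:54.0583 7592 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\windows\system32\drivers\acpi.sys
2011/05/17 10:54:00.0114 7592 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\windows\system32\CLFS.sys
2011/05/17 10:54:10.0500 7592 exampledrv (00112233445566778899aabbccddeeff) C:\Users\example\AppData\Local\Temp\exampledrv.sys
2011/05/17 10:54:11.0000 7592 atapi (ffffffffffffffffffffffffffffffff) C:\windows\system32\drivers\atapi.sys
"""

# Reference hashes the reviewer trusts. Constructed for this example from
# values quoted in the thread; a real review would take them from a trusted
# source for the exact Windows build.
REFERENCE_MD5 = {
    "acpi": "82b296ae1892fe3dbee00c9cf92f8ac7",
    "atapi": "1f05b78ab91c9075565a9d8a4b880bc4",
}

if __name__ == "__main__":
    for service, reason in triage(parse_log(SAMPLE_LOG), REFERENCE_MD5):
        print("%-12s %s" % (service, reason))
```

Both rules produce review items, not verdicts: a Windows update legitimately changes driver hashes, which is why the MD5 check only fires for services that have a reference entry, and a driver in an unusual folder still needs its file examined before any action is taken.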

Re: babylon-tool

Unread postby Phileas » May 17th, 2011, 5:11 am

Hello Scolabar,

I had no problems to enable ERUNT.

The scan with TDSSKiller found 1 suspicious object:
Service name:SafeBoot
Service type: kernel diver (0x1)
Service start: Boot (0x0)
File:C:/windows/system32/drivers/safeboot.sys
MD5:b48c00f75e7cd122abb2ad87dfd270

But there was no option "cure" (or I didn't see it), only the options "skip", "copy to quarantine" and "delete". I was unsure and one time chose skip, the second time copy to quarantine. See the log below.

2011/05/17 10:53:45.0238 7552 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/17 10:53:45.0403 7552 ================================================================================
2011/05/17 10:53:45.0404 7552 SystemInfo:
2011/05/17 10:53:45.0404 7552
2011/05/17 10:53:45.0404 7552 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/17 10:53:45.0404 7552 Product type: Workstation
2011/05/17 10:53:45.0404 7552 ComputerName: PHILIPP-PC
2011/05/17 10:53:45.0407 7552 UserName: Philipp
2011/05/17 10:53:45.0407 7552 Windows directory: C:\windows
2011/05/17 10:53:45.0407 7552 System windows directory: C:\windows
2011/05/17 10:53:45.0409 7552 Processor architecture: Intel x86
2011/05/17 10:53:45.0409 7552 Number of processors: 2
2011/05/17 10:53:45.0409 7552 Page size: 0x1000
2011/05/17 10:53:45.0409 7552 Boot type: Normal boot
2011/05/17 10:53:45.0410 7552 ================================================================================
2011/05/17 10:53:46.0597 7552 Initialize success
2011/05/17 10:53:53.0309 7592 ================================================================================
2011/05/17 10:53:53.0309 7592 Scan started
2011/05/17 10:53:53.0309 7592 Mode: Manual;
2011/05/17 10:53:53.0309 7592 ================================================================================
2011/05/17 10:53:54.0438 7592 Accelerometer (a9b917777841b76f299e2ea946e03adf) C:\windows\system32\DRIVERS\Accelerometer.sys
2011/05/17 10:53:54.0583 7592 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\windows\system32\drivers\acpi.sys
2011/05/17 10:53:54.0656 7592 ADIHdAudAddService (364a903711e84eb1386fa04106681b7a) C:\windows\system32\drivers\ADIHdAud.sys
2011/05/17 10:53:54.0730 7592 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\windows\system32\drivers\adp94xx.sys
2011/05/17 10:53:54.0814 7592 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\windows\system32\drivers\adpahci.sys
2011/05/17 10:53:54.0904 7592 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\windows\system32\drivers\adpu160m.sys
2011/05/17 10:53:54.0982 7592 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\windows\system32\drivers\adpu320.sys
2011/05/17 10:53:55.0128 7592 AFD (a201207363aa900abf1a388468688570) C:\windows\system32\drivers\afd.sys
2011/05/17 10:53:55.0265 7592 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\windows\system32\DRIVERS\AGRSM.sys
2011/05/17 10:53:55.0478 7592 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\windows\system32\drivers\agp440.sys
2011/05/17 10:53:55.0551 7592 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\windows\system32\drivers\djsvs.sys
2011/05/17 10:53:55.0629 7592 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\windows\system32\drivers\aliide.sys
2011/05/17 10:53:55.0700 7592 amdagp (c47344bc706e5f0b9dce369516661578) C:\windows\system32\drivers\amdagp.sys
2011/05/17 10:53:55.0754 7592 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\windows\system32\drivers\amdide.sys
2011/05/17 10:53:55.0897 7592 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\windows\system32\drivers\amdk7.sys
2011/05/17 10:53:56.0046 7592 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\windows\system32\DRIVERS\amdk8.sys
2011/05/17 10:53:56.0208 7592 arc (5d2888182fb46632511acee92fdad522) C:\windows\system32\drivers\arc.sys
2011/05/17 10:53:56.0271 7592 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\windows\system32\drivers\arcsas.sys
2011/05/17 10:53:56.0420 7592 AsyncMac (53b202abee6455406254444303e87be1) C:\windows\system32\DRIVERS\asyncmac.sys
2011/05/17 10:53:56.0490 7592 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\windows\system32\drivers\atapi.sys
2011/05/17 10:53:56.0589 7592 ATSwpWDF (a9f9d1d24441889beb1aa2b917457e23) C:\windows\system32\Drivers\ATSwpWDF.sys
2011/05/17 10:53:57.0246 7592 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\windows\system32\DRIVERS\avgntflt.sys
2011/05/17 10:53:57.0347 7592 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\windows\system32\DRIVERS\avipbb.sys
2011/05/17 10:53:57.0573 7592 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/05/17 10:53:57.0774 7592 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\windows\system32\drivers\Beep.sys
2011/05/17 10:53:57.0890 7592 blbdrive (d4df28447741fd3d953526e33a617397) C:\windows\system32\drivers\blbdrive.sys
2011/05/17 10:53:58.0034 7592 bowser (35f376253f687bde63976ccb3f2108ca) C:\windows\system32\DRIVERS\bowser.sys
2011/05/17 10:53:58.0143 7592 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\drivers\brfiltlo.sys
2011/05/17 10:53:58.0329 7592 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\drivers\brfiltup.sys
2011/05/17 10:53:58.0486 7592 Brserid (b304e75cff293029eddf094246747113) C:\windows\system32\drivers\brserid.sys
2011/05/17 10:53:58.0603 7592 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\system32\drivers\brserwdm.sys
2011/05/17 10:53:58.0759 7592 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\system32\drivers\brusbmdm.sys
2011/05/17 10:53:58.0902 7592 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\system32\drivers\brusbser.sys
2011/05/17 10:53:59.0103 7592 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\windows\system32\DRIVERS\BthEnum.sys
2011/05/17 10:53:59.0275 7592 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\windows\system32\drivers\bthmodem.sys
2011/05/17 10:53:59.0378 7592 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\windows\system32\DRIVERS\bthpan.sys
2011/05/17 10:53:59.0488 7592 BTHPORT (671134053d59e23704f08db19f11e10b) C:\windows\system32\Drivers\BTHport.sys
2011/05/17 10:53:59.0589 7592 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\windows\system32\Drivers\BTHUSB.sys
2011/05/17 10:53:59.0714 7592 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\windows\system32\DRIVERS\cdfs.sys
2011/05/17 10:53:59.0884 7592 cdrom (6b4bffb9becd728097024276430db314) C:\windows\system32\DRIVERS\cdrom.sys
2011/05/17 10:54:00.0020 7592 circlass (e5d4133f37219dbcfe102bc61072589d) C:\windows\system32\drivers\circlass.sys
2011/05/17 10:54:00.0114 7592 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\windows\system32\CLFS.sys
2011/05/17 10:54:00.0279 7592 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\windows\system32\DRIVERS\CmBatt.sys
2011/05/17 10:54:00.0343 7592 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\windows\system32\drivers\cmdide.sys
2011/05/17 10:54:00.0448 7592 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\windows\system32\DRIVERS\compbatt.sys
2011/05/17 10:54:00.0659 7592 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\windows\system32\drivers\crcdisk.sys
2011/05/17 10:54:00.0763 7592 Crusoe (1f07becdca750766a96cda811ba86410) C:\windows\system32\drivers\crusoe.sys
2011/05/17 10:54:00.0952 7592 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\windows\system32\drivers\csc.sys
2011/05/17 10:54:01.0133 7592 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\windows\system32\Drivers\dfsc.sys
2011/05/17 10:54:01.0237 7592 disk (5d4aefc3386920236a548271f8f1af6a) C:\windows\system32\drivers\disk.sys
2011/05/17 10:54:01.0352 7592 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\windows\system32\DRIVERS\Dot4.sys
2011/05/17 10:54:01.0417 7592 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\windows\system32\DRIVERS\Dot4Prt.sys
2011/05/17 10:54:01.0524 7592 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\windows\system32\DRIVERS\dot4usb.sys
2011/05/17 10:54:01.0612 7592 drmkaud (97fef831ab90bee128c9af390e243f80) C:\windows\system32\drivers\drmkaud.sys
2011/05/17 10:54:01.0693 7592 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\windows\System32\drivers\dxgkrnl.sys
2011/05/17 10:54:01.0776 7592 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\windows\system32\DRIVERS\E1G60I32.sys
2011/05/17 10:54:01.0993 7592 e1yexpress (76a02bc4e8008a8cbaf5cc7efb9df839) C:\windows\system32\DRIVERS\e1y6032.sys
2011/05/17 10:54:02.0166 7592 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\windows\system32\drivers\ecache.sys
2011/05/17 10:54:02.0273 7592 elxstor (23b62471681a124889978f6295b3f4c6) C:\windows\system32\drivers\elxstor.sys
2011/05/17 10:54:02.0406 7592 ErrDev (3db974f3935483555d7148663f726c61) C:\windows\system32\drivers\errdev.sys
2011/05/17 10:54:02.0515 7592 exfat (22b408651f9123527bcee54b4f6c5cae) C:\windows\system32\drivers\exfat.sys
2011/05/17 10:54:02.0603 7592 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\windows\system32\drivers\fastfat.sys
2011/05/17 10:54:02.0706 7592 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\windows\system32\DRIVERS\fdc.sys
2011/05/17 10:54:02.0796 7592 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\windows\system32\drivers\fileinfo.sys
2011/05/17 10:54:02.0869 7592 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\windows\system32\drivers\filetrace.sys
2011/05/17 10:54:02.0955 7592 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\windows\system32\DRIVERS\flpydisk.sys
2011/05/17 10:54:03.0109 7592 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\windows\system32\drivers\fltmgr.sys
2011/05/17 10:54:03.0240 7592 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\windows\system32\drivers\Fs_Rec.sys
2011/05/17 10:54:03.0313 7592 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\windows\system32\drivers\gagp30kx.sys
2011/05/17 10:54:03.0422 7592 HBtnKey (88a78635b41ed4b261365fadeb28fe81) C:\windows\system32\DRIVERS\cpqbttn.sys
2011/05/17 10:54:03.0483 7592 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\windows\system32\drivers\HdAudio.sys
2011/05/17 10:54:03.0583 7592 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/05/17 10:54:03.0662 7592 HECI (2df64415a28ce036ac6acec7645a996f) C:\windows\system32\DRIVERS\HECI.sys
2011/05/17 10:54:03.0711 7592 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\windows\system32\drivers\hidbth.sys
2011/05/17 10:54:03.0767 7592 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\windows\system32\drivers\hidir.sys
2011/05/17 10:54:03.0932 7592 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\windows\system32\DRIVERS\hidusb.sys
2011/05/17 10:54:04.0148 7592 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\windows\system32\drivers\hpcisss.sys
2011/05/17 10:54:04.0246 7592 hpdskflt (3520a74fca88a5aefbbe7b937bea75f7) C:\windows\system32\DRIVERS\hpdskflt.sys
2011/05/17 10:54:04.0392 7592 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
2011/05/17 10:54:04.0518 7592 HTTP (f870aa3e254628ebeafe754108d664de) C:\windows\system32\drivers\HTTP.sys
2011/05/17 10:54:04.0664 7592 i2omp (c6b032d69650985468160fc9937cf5b4) C:\windows\system32\drivers\i2omp.sys
2011/05/17 10:54:04.0762 7592 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\windows\system32\DRIVERS\i8042prt.sys
2011/05/17 10:54:04.0901 7592 iaStor (de7c12e59605ea7ea0cf6345afeb0f07) C:\windows\system32\drivers\iastor.sys
2011/05/17 10:54:04.0943 7592 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\windows\system32\drivers\iastorv.sys
2011/05/17 10:54:05.0186 7592 igfx (6fb1858d1f0923d122b0331865695041) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/05/17 10:54:05.0390 7592 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\windows\system32\drivers\iirsp.sys
2011/05/17 10:54:05.0519 7592 intelide (83aa759f3189e6370c30de5dc5590718) C:\windows\system32\drivers\intelide.sys
2011/05/17 10:54:05.0586 7592 intelppm (224191001e78c89dfa78924c3ea595ff) C:\windows\system32\DRIVERS\intelppm.sys
2011/05/17 10:54:05.0660 7592 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/05/17 10:54:05.0789 7592 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\windows\system32\drivers\ipmidrv.sys
2011/05/17 10:54:05.0853 7592 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\windows\system32\DRIVERS\ipnat.sys
2011/05/17 10:54:05.0915 7592 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\windows\system32\drivers\irenum.sys
2011/05/17 10:54:05.0992 7592 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\windows\system32\drivers\isapnp.sys
2011/05/17 10:54:06.0057 7592 iScsiPrt (232fa340531d940aac623b121a595034) C:\windows\system32\DRIVERS\msiscsi.sys
2011/05/17 10:54:06.0105 7592 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\windows\system32\drivers\iteatapi.sys
2011/05/17 10:54:06.0172 7592 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\windows\system32\drivers\iteraid.sys
2011/05/17 10:54:06.0231 7592 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/05/17 10:54:06.0305 7592 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\windows\system32\DRIVERS\kbdhid.sys
2011/05/17 10:54:06.0401 7592 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\windows\system32\Drivers\ksecdd.sys
2011/05/17 10:54:06.0562 7592 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\windows\system32\DRIVERS\lltdio.sys
2011/05/17 10:54:06.0730 7592 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\windows\system32\drivers\lsi_fc.sys
2011/05/17 10:54:06.0831 7592 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\windows\system32\drivers\lsi_sas.sys
2011/05/17 10:54:06.0902 7592 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\windows\system32\drivers\lsi_scsi.sys
2011/05/17 10:54:06.0975 7592 luafv (8f5c7426567798e62a3b3614965d62cc) C:\windows\system32\drivers\luafv.sys
2011/05/17 10:54:07.0041 7592 megasas (0001ce609d66632fa17b84705f658879) C:\windows\system32\drivers\megasas.sys
2011/05/17 10:54:14.0040 7592 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: b48c00f75e7afcd122abb2ad87dfd270
2011/05/17 10:54:14.0057 7592 SafeBoot - detected LockedFile.Multi.Generic (1)
2011/05/17 10:54:21.0139 7592 ================================================================================
2011/05/17 10:54:21.0140 7592 Scan finished
2011/05/17 10:54:21.0140 7592 ================================================================================
2011/05/17 10:54:21.0197 7584 Detected object count: 1
2011/05/17 10:55:57.0578 7584 LockedFile.Multi.Generic(SafeBoot) - User select action: Skip
2011/05/17 10:56:10.0408 5056 ================================================================================
2011/05/17 10:56:10.0408 5056 Scan started
2011/05/17 10:56:10.0408 5056 Mode: Manual;
2011/05/17 10:56:10.0408 5056 ================================================================================
2011/05/17 10:56:24.0631 5056 rimmptsk (1ae404944293c90ad690c5a0c4e9c75e) C:\windows\system32\DRIVERS\rimmptsk.sys
2011/05/17 10:56:24.0683 5056 rismc32 (7c21554942bef51cbd84fd7d4e62cb9a) C:\windows\system32\DRIVERS\rismc32.sys
2011/05/17 10:56:24.0776 5056 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\windows\system32\DRIVERS\rspndr.sys
2011/05/17 10:56:24.0840 5056 RsvLock (c0ef0f85c03e57686973932b6e46b172) C:\windows\system32\drivers\RsvLock.sys
2011/05/17 10:56:25.0032 5056 SafeBoot (b48c00f75e7afcd122abb2ad87dfd270) C:\windows\system32\drivers\SafeBoot.sys
2011/05/17 10:56:25.0032 5056 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: b48c00f75e7afcd122abb2ad87dfd270
2011/05/17 10:56:25.0050 5056 SafeBoot - detected LockedFile.Multi.Generic (1)
2011/05/17 10:56:32.0015 5056 ================================================================================
2011/05/17 10:56:32.0015 5056 Scan finished
2011/05/17 10:56:32.0015 5056 ================================================================================
2011/05/17 10:56:32.0064 5088 Detected object count: 1
2011/05/17 10:59:20.0239 5088 SafeBoot (b48c00f75e7afcd122abb2ad87dfd270) C:\windows\system32\drivers\SafeBoot.sys
2011/05/17 10:59:20.0239 5088 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: b48c00f75e7afcd122abb2ad87dfd270
2011/05/17 10:59:20.0249 5088 C:\windows\system32\drivers\SafeBoot.sys - copied to quarantine
2011/05/17 10:59:20.0258 5088 LockedFile.Multi.Generic(SafeBoot) - User select action: Quarantine
2011/05/17 10:59:49.0055 7532 Deinitialize success
Phileas
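
As an added example (not code from the thread or from TDSSKiller itself), a small Python parser for the TDSSKiller log format posted above: it pairs each "Suspicious file" entry with its verdict and the action the user chose, groups service names that share one file hash (as Tcpip and Tcpip6 do, both backed by tcpip.sys), and lists drivers whose image sits outside \windows\system32. The sample lines are copied from the log above, plus one constructed entry (example_constructed, all-zero hash) that exists only to exercise the path check.

```python
import re
from collections import defaultdict

# Shape of every TDSSKiller log line: "YYYY/MM/DD HH:MM:SS.mmmm <pid> <message>"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Inventory message: "<service name> (<md5>) <image path>"
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (\S.*)$")
# Detection messages, in the order TDSSKiller emits them for one object
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")

# Constructed sample: lines copied from the thread's log, plus one made-up
# entry (example_constructed, all-zero hash) that is NOT from the thread.
SAMPLE_LOG = r"""
2011/05/17 10:56:25.0032 5056 SafeBoot (b48c00f75e7afcd122abb2ad87dfd270) C:\windows\system32\drivers\SafeBoot.sys
2011/05/17 10:56:25.0032 5056 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: b48c00f75e7afcd122abb2ad87dfd270
2011/05/17 10:56:25.0050 5056 SafeBoot - detected LockedFile.Multi.Generic (1)
2011/05/17 10:56:25.0135 5056 SbAlg (5f1a459d5dd0feafb430328123be2836) C:\windows\system32\drivers\SbAlg.sys
2011/05/17 10:56:27.0532 5056 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\windows\system32\drivers\tcpip.sys
2011/05/17 10:56:27.0785 5056 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\windows\system32\DRIVERS\tcpip.sys
2011/05/17 10:56:31.0000 5056 example_constructed (00000000000000000000000000000000) C:\Users\Public\example_constructed.sys
2011/05/17 10:56:32.0015 5056 ================================================================================
2011/05/17 10:56:32.0015 5056 Scan finished
2011/05/17 10:56:32.0064 5088 Detected object count: 1
2011/05/17 10:59:20.0239 5088 SafeBoot (b48c00f75e7afcd122abb2ad87dfd270) C:\windows\system32\drivers\SafeBoot.sys
2011/05/17 10:59:20.0239 5088 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: b48c00f75e7afcd122abb2ad87dfd270
2011/05/17 10:59:20.0249 5088 C:\windows\system32\drivers\SafeBoot.sys - copied to quarantine
2011/05/17 10:59:20.0258 5088 LockedFile.Multi.Generic(SafeBoot) - User select action: Quarantine
2011/05/17 10:59:49.0055 7532 Deinitialize success
"""


def parse_tdsskiller(text):
    """Return (drivers, detections).

    drivers:    {service name: (md5, image path)} for every inventory line
    detections: {service name: {"verdict", "reason", "path", "md5", "action"}}
    """
    drivers = {}
    detections = {}
    last_suspicious = None  # (reason, path, md5) waiting for its verdict line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank, banner or otherwise non-log line
        msg = m.group(3)
        d = DRIVER_RE.match(msg)
        if d:
            drivers[d.group(1)] = (d.group(2), d.group(3))
            continue
        s = SUSPICIOUS_RE.match(msg)
        if s:
            last_suspicious = s.groups()
            continue
        v = DETECTED_RE.match(msg)
        if v and last_suspicious:
            reason, path, md5 = last_suspicious
            detections[v.group(1)] = {"verdict": v.group(2), "reason": reason,
                                      "path": path, "md5": md5, "action": None}
            last_suspicious = None
            continue
        a = ACTION_RE.match(msg)  # "<verdict>(<name>) - User select action: <action>"
        if a and a.group(2) in detections:
            detections[a.group(2)]["action"] = a.group(3)
    return drivers, detections


def shared_hashes(drivers):
    """Service names that point at the same file hash, e.g. Tcpip and Tcpip6."""
    by_md5 = defaultdict(list)
    for name, (md5, _path) in drivers.items():
        by_md5[md5].append(name)
    return {md5: sorted(names) for md5, names in by_md5.items() if len(names) > 1}


def outside_system32(drivers):
    """Service names whose image is not under \\windows\\system32 (worth a second look)."""
    return sorted(name for name, (_md5, path) in drivers.items()
                  if "\\windows\\system32\\" not in path.lower())


if __name__ == "__main__":
    drivers, detections = parse_tdsskiller(SAMPLE_LOG)
    for name, info in detections.items():
        print(f"{name}: {info['verdict']} ({info['reason']}) -> {info['action']}")
    print("shared hashes:", shared_hashes(drivers))
    print("outside system32:", outside_system32(drivers))
```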

Re: babylon-tool

Unread postby Scolabar » May 18th, 2011, 5:32 am

Hi Phileas,

Thank you for the update and log file. :thumbright:

Please can you avoid running tools more than once, unless otherwise instructed to do so, as this could lead to problems and also means it will take longer to deal with the logs. ;)

Please read the instructions below carefully before executing and perform the steps, in the order given, and before we proceed please make sure any open programs are closed.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem before going any further.

Step 1:
SystemLook

  1. Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
    Alternate download site.
  2. Double-click on SystemLook.exe to run the program.
    Vista - W7 users: Right-click on SystemLook.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
    If you receive an Open file - security warning asking "Do you want to run this file?" click on the Run button to continue.
  3. Copy and Paste the text in the code box below into SystemLook's main text entry window:
    :filefind
    safeboot.sys
  4. Click on the Look button to start the scan.
    When SystemLook has completed its task a Notepad window will open showing the results of the scan.
    A log file will be created on your Desktop named SystemLook.txt.
  5. Please post the contents of the SystemLook.txt file in your next reply.

Step 2:
Rkill

Firstly we will try to stop any active rogue processes that may interfere with the cleanup attempt:

  1. Please download Rkill by Grinler. Save it to your Desktop.
    Alternate download links are available as follows: Two, Three or Four.
    Note: If your security software warns about Rkill, please ignore and allow the download to continue.
  2. Double-click on the Rkill Desktop icon.
    Vista - W7 users: Right-click on the Rkill Desktop icon and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. A command window will open, then disappear upon completion; this is normal.
    • If this does not happen, delete the file, then download and use the next alternative link provided.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    Do not reboot your machine until asked to do so. If no version of Rkill would run, please let me know.
  4. When finished, Notepad will open with a log file, automatically saved at C:\rkill.log.
  5. Copy and Paste the entire contents of the rkill.log file into your next reply.
    Note: Please leave Rkill on the Desktop unless instructed otherwise.
Note: If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software, trying to "protect" itself from being terminated or removed. If you see such a warning, leave the warning on the screen, then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself, so that Rkill can perform its routine.

Step 3:
ComboFix

Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

If you have previously downloaded ComboFix please delete that version and download it again. This tool is frequently updated.

  1. Please download ComboFix.exe by © sUBs and save it to your Desktop. <<--- IMPORTANT!!
    Alternate download sites are available: here or here.
  2. Please disable any Anti-Virus, Anti-Spyware and Firewall programs you have active, as shown in this topic. Please close all open application windows.
    Note: ** Only ** when the above two items in Step 2 have been dealt with should you proceed with the following steps:
  3. Double-click on Combofix.exe to start the program. If you receive the "Open File - Security Warning" message click on the Run button.
    Vista - W7 users: Right-click on Combofix.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  4. Reply Yes to the Disclaimer prompt.
    The ComboFix program screen will appear indicating the program is preparing to run. ComboFix will then begin creating a System Restore Point and then back up your Registry.
  5. If not already installed reply Yes to the Install Recovery Console prompt.
  6. Reply Yes to the Recovery Console installation results prompt and even if unsuccessful please allow ComboFix to continue the scan.
    Note: Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
  7. ComboFix will disconnect you from the Internet, may cause your desktop to disappear and also change your clock settings. This is normal, so please don't worry. They will be restored when finished. The ComboFix window data will update as the various "Stages" are completed.
    ComboFix disables the autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
  8. When the program has finished ComboFix will produce a log file called log.txt which will automatically open in Notepad.
  9. Please Copy and Paste the entire contents of the log.txt file into your next reply.

** REMEMBER ** Re-Enable your Antivirus, Anti-Spyware and Firewall programs before reconnecting to the Internet!

Step 4:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. SystemLook.txt.
  3. rkill.log.
  4. log.txt.
  5. How is your computer now running?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Re: babylon-tool

Unread postby Phileas » May 19th, 2011, 8:38 am

Hello again, Scolabar, ;-)

1. I was able to follow your instructions. There was one difficult situation: after ComboFix had ended and automatically restarted (the log file had already appeared) and I tried to open Explorer, nothing worked. I couldn't open any program, I had to notice. The only possibility was to reboot, which was possible without problems. After restarting the computer, everything now seems to go well. Besides, the log file is not saved as "log.txt", as your instructions assume, but as "combofix".

2. Systemlook.txt-Log
SystemLook 04.09.10 by jpshortstuff
Log created at 12:29 on 19/05/2011 by Philipp
Administrator - Elevation successful

========== filefind ==========

Searching for "safeboot.sys"
C:\Windows\System32\drivers\SafeBoot.sys --a---- 109184 bytes [00:08 06/06/2008] [00:08 06/06/2008] (Unable to calculate MD5)

-= EOF =-


3. rkill-log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 19.05.2011 at 12:32:36.
Operating System: Windows Vista (TM) Business


Processes terminated by Rkill or while it was running:

C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\grpconv.exe

Rkill completed on 19.05.2011 at 12:33:00.


ComboFix 11-05-18.03 - Philipp 19.05.2011 12:52:54.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.41.1031.18.2971.1473 [GMT 2:00]
ausgeführt von:: c:\users\Philipp\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-19 bis 2011-05-19 ))))))))))))))))))))))))))))))
.
.
2011-05-19 11:33 . 2011-05-19 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-19 05:51 . 2011-05-19 05:51 -------- d-----w- c:\users\Philipp\AppData\Local\{3C6DAA8A-910C-4880-8226-EE81C25A831E}
2011-05-18 12:13 . 2011-05-18 12:13 -------- d-----w- c:\users\Philipp\AppData\Local\{FE70A6A6-5AE5-4E03-A749-9BB2CBAE12E4}
2011-05-18 08:16 . 2011-05-18 08:16 -------- d-----w- c:\users\Philipp\AppData\Local\{BC808EAC-A18E-4231-B760-E58C61A5839A}
2011-05-17 19:43 . 2011-05-17 19:43 -------- d-----w- c:\users\Philipp\AppData\Local\{D374FD09-8A8C-4A2C-910C-37473444B798}
2011-05-17 08:59 . 2011-05-17 08:59 -------- d-----w- C:\TDSSKiller_Quarantine
2011-05-17 08:51 . 2011-05-17 08:52 -------- d-----w- c:\program files\ERUNT
2011-05-17 07:42 . 2011-05-17 07:43 -------- d-----w- c:\users\Philipp\AppData\Local\{B440445D-F502-4136-9704-3F6342C8FC90}
2011-05-16 19:41 . 2011-05-16 19:42 -------- d-----w- c:\users\Philipp\AppData\Local\{872EE29E-539A-4C73-B359-3C138D6BB64F}
2011-05-16 07:41 . 2011-05-16 07:41 -------- d-----w- c:\users\Philipp\AppData\Local\{516354AD-9B24-4AD6-BF90-1BBFFDD91FB3}
2011-05-15 19:40 . 2011-05-15 19:40 -------- d-----w- c:\users\Philipp\AppData\Local\{8BAF488A-A3DC-435F-9520-963DBD2A0A15}
2011-05-15 08:25 . 2011-05-15 08:25 -------- d-----w- c:\users\Philipp\AppData\Local\GermaniXSoft
2011-05-15 07:39 . 2011-05-15 07:39 -------- d-----w- c:\users\Philipp\AppData\Local\{384A3784-1C43-4FD6-A604-EC54AEFD7681}
2011-05-14 12:02 . 2011-05-14 12:02 -------- d-----w- c:\users\Philipp\AppData\Local\{9CE524C5-2233-40C4-A420-7087F53BDAD5}
2011-05-14 00:01 . 2011-05-14 00:01 -------- d-----w- c:\users\Philipp\AppData\Local\{329D66A6-DE53-4827-8DAE-5D0373289E36}
2011-05-13 05:37 . 2011-05-13 05:37 -------- d-----w- c:\users\Philipp\AppData\Local\{226942BE-6825-494C-8B36-D077A5999FEE}
2011-05-12 17:36 . 2011-05-12 17:36 -------- d-----w- c:\users\Philipp\AppData\Local\{95933ECE-5189-4B3C-A328-86DB983B70F5}
2011-05-12 13:09 . 2011-05-12 13:13 -------- d-----w- C:\MGADiagToolOutput
2011-05-12 13:09 . 2011-05-12 13:09 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-05-12 05:35 . 2011-05-12 05:35 -------- d-----w- c:\users\Philipp\AppData\Local\{57A67C92-492F-41F8-8CB6-8723E6D4DF12}
2011-05-11 15:33 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-11 05:35 . 2011-05-11 17:35 -------- d-----w- c:\users\Philipp\AppData\Local\{D4C21162-BCF5-4E34-A131-DE65091045D5}
2011-05-10 15:45 . 2011-05-10 15:45 -------- d-----w- c:\users\Philipp\AppData\Local\{E93AD785-12DB-472F-8E23-80F51FA6C469}
2011-05-09 21:24 . 2011-05-09 21:25 -------- d-----w- c:\users\Philipp\AppData\Local\{EC5201D1-5737-4368-BD6D-90D4A056B292}
2011-05-09 09:24 . 2011-05-09 09:24 -------- d-----w- c:\users\Philipp\AppData\Local\{35DEF1E9-0E6E-41F6-B3E9-C4B6C62CEF78}
2011-05-08 21:23 . 2011-05-08 21:23 -------- d-----w- c:\users\Philipp\AppData\Local\{EBBC4598-9B9A-4239-8D54-E82DF9F7B59B}
2011-05-08 09:22 . 2011-05-08 09:22 -------- d-----w- c:\users\Philipp\AppData\Local\{55243753-62D3-4D82-BEB2-144B337813CB}
2011-05-07 20:36 . 2011-05-07 20:36 -------- d-----w- c:\users\Philipp\AppData\Local\{19B380A7-9BA2-48E2-A2E7-2DDC31083647}
2011-05-07 08:35 . 2011-05-07 08:35 -------- d-----w- c:\users\Philipp\AppData\Local\{3BF83629-AC81-4F76-A823-6E1529C46027}
2011-05-06 20:34 . 2011-05-06 20:35 -------- d-----w- c:\users\Philipp\AppData\Local\{69FE3C35-5A25-4047-881D-9A5924060978}
2011-05-06 06:23 . 2011-05-06 06:24 -------- d-----w- c:\users\Philipp\AppData\Local\{A68BE7BA-CEB3-44A8-ABC7-4788D3566F3D}
2011-05-05 18:23 . 2011-05-05 18:23 -------- d-----w- c:\users\Philipp\AppData\Local\{744CD5B7-3844-4EC3-A2AC-C3D88F8BA530}
2011-05-05 06:22 . 2011-05-05 06:23 -------- d-----w- c:\users\Philipp\AppData\Local\{47544549-B458-4BCD-8DD6-89214304D5CF}
2011-05-04 18:22 . 2011-05-04 18:22 -------- d-----w- c:\users\Philipp\AppData\Local\{2DD8E86C-0DDF-4F61-A6FA-5694D9F003D5}
2011-05-04 06:21 . 2011-05-04 06:21 -------- d-----w- c:\users\Philipp\AppData\Local\{8F5A314E-2FF2-41AB-9A9F-14F8CA6F37A0}
2011-05-03 07:06 . 2011-05-03 07:06 -------- d-----w- c:\users\Philipp\AppData\Local\{2BDD7B91-384E-443D-9752-8A871E420EF6}
2011-05-02 20:04 . 2011-05-02 20:04 -------- d-----w- c:\program files\Basement Softworks
2011-05-02 19:43 . 2011-05-02 19:59 -------- d-----w- c:\users\Philipp\AppData\Roaming\VUPlayer
2011-05-02 19:35 . 2011-05-02 19:35 -------- d-----w- c:\program files\VUPlayer
2011-05-02 19:05 . 2011-05-02 19:06 -------- d-----w- c:\users\Philipp\AppData\Local\{69EBFB71-93D8-4243-8F17-7D00231D65F4}
2011-05-02 07:01 . 2011-05-02 07:03 -------- d-----w- c:\users\Philipp\AppData\Local\{B945BF65-3582-480D-92A0-40662E29B868}
2011-05-01 06:57 . 2011-05-01 18:59 -------- d-----w- c:\users\Philipp\AppData\Local\{B4AA351B-457A-4521-818B-12983D2A43E5}
2011-04-29 05:32 . 2011-04-29 05:34 -------- d-----w- c:\users\Philipp\AppData\Local\{4BE38730-5B12-496F-8721-F662F047A3C4}
2011-04-28 06:58 . 2011-04-28 07:00 -------- d-----w- c:\users\Philipp\AppData\Local\{6C67ED5E-5C93-417E-AD86-07E62C3E6CAF}
2011-04-28 06:06 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 06:06 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 06:06 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 06:54 . 2011-04-27 18:55 -------- d-----w- c:\users\Philipp\AppData\Local\{C9405EF2-960B-4343-8D1D-B7DA7574ADA4}
2011-04-26 05:54 . 2011-04-26 17:56 -------- d-----w- c:\users\Philipp\AppData\Local\{691724A9-46B6-4AA1-A44A-EE3E8603529B}
2011-04-25 20:58 . 2011-04-25 20:58 -------- d-----w- c:\users\Philipp\AppData\Local\{F94D741F-2F80-40B4-AB23-42E11869704A}
2011-04-25 08:17 . 2011-04-25 08:19 -------- d-----w- c:\users\Philipp\AppData\Local\{167B242C-DA53-415D-B6F1-CA633D4691E1}
2011-04-23 12:08 . 2011-04-24 13:02 -------- d-----w- c:\users\Philipp\AppData\Local\{718228F7-EBD4-42F5-B0F1-4DCE60EFE18C}
2011-04-22 06:18 . 2011-04-22 06:20 -------- d-----w- c:\users\Philipp\AppData\Local\{7B47CB0D-C644-428B-B57E-212CF8364C37}
2011-04-21 10:04 . 2011-04-21 10:06 -------- d-----w- c:\users\Philipp\AppData\Local\{BAA79C2A-FD8D-4506-82B2-3339DC27F777}
2011-04-21 04:58 . 2011-04-21 04:58 -------- d-----w- c:\users\Philipp\AppData\Local\{484277F2-6E4F-4F93-BE7A-CEE60B507FF5}
2011-04-20 08:14 . 2011-04-20 08:14 -------- d-----w- c:\users\Philipp\AppData\Local\{F7EA49DC-FEB3-445E-9E3E-6512DEBA421F}
2011-04-19 18:48 . 2011-04-19 18:48 -------- d-----w- c:\users\Philipp\AppData\Local\{17372850-9965-4BB0-BF00-C3A55ED83CA9}
2011-04-19 16:19 . 2011-04-19 16:19 -------- d-----w- c:\program files\Conduit
2011-04-19 16:19 . 2011-04-19 16:19 -------- d-----w- c:\program files\Softonic_Deutsch_FF
2011-04-19 16:18 . 2011-04-19 16:18 -------- d-----w- c:\program files\FreeTime
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-04 19:10 . 2011-04-04 19:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-17 20:30 . 2010-10-13 11:54 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-10 17:03 . 2011-04-15 05:47 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 05:47 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 22:29 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:42 . 2011-04-15 05:45 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 06:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 06:06 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 06:06 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 06:06 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-15 05:46 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 05:49 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13 . 2011-03-24 00:24 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-24 00:24 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-24 00:24 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 13:24 . 2011-04-15 05:48 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24 . 2011-04-15 05:48 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23 . 2011-04-15 05:48 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23 . 2011-04-15 05:48 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-22 06:21 . 2011-04-15 05:48 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17 . 2011-04-15 05:48 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16 . 2011-04-15 05:48 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16 . 2011-04-15 05:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16 . 2011-04-15 05:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20 . 2011-04-15 05:48 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43 . 2011-04-15 05:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42 . 2011-04-15 05:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 14:03 . 2011-04-15 05:47 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-18 14:03 . 2011-04-15 05:47 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-18 14:03 . 2011-04-15 05:47 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\program files\Softonic_Deutsch_FF\tbSoft.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d81af43-de53-48d0-a199-42c2a226b24c}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Softonic_Deutsch_FF\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\program files\Softonic_Deutsch_FF\tbSoft.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9D81AF43-DE53-48D0-A199-42C2A226B24C}"= "c:\program files\Softonic_Deutsch_FF\tbSoft.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-20 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-02 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-06-03 367128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-20 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-20 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-20 145944]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-4 24172208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 136176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-15 1176824]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-10 18944]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-06-06 256512]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-08 24936]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-06-03 2058776]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-05-15 475520]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-03-27 224384]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 18:31]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 18:31]
.
2011-05-18 c:\windows\Tasks\User_Feed_Synchronization-{CB254BC6-AF58-410C-B621-B7AA08168421}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://webmail.uzh.ch/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-CH\local\search.html
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://idlmail08.lotus.uzh.ch/dwa85W.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
AddRemove-Fast MIDI to MP3 Converter_is1 - c:\program files\Fast MIDI to MP3 Converter\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 13:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-285388904-2522916759-3500499248-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0054B2E5-E700-4D2F-1C20-F62851EE8DD9}*]
@Allowed: (Read) (RestrictedCode)
"iadljjbbiaflmapjnb"=hex:6b,61,65,69,6f,66,6a,61,69,6e,70,6d,61,69,6e,62,69,6b,
6b,64,67,62,00,00
"hajkdeipajkmjgid"=hex:6b,61,65,69,6f,66,6a,61,69,6e,70,6d,61,69,6e,62,69,6b,
6b,64,67,62,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3728)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WerCon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-19 13:52:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-05-19 11:52
.
Vor Suchlauf: 11 Verzeichnis(se), 55.563.382.784 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 55.144.652.800 Bytes frei
.
- - End Of File - - 02B119999F414697AD358EDCBE599170



5. There is no obvious change for me: still, newly opened Internet sites are showing the "babylon-search". There still seems to be something on the computer which isn't supposed to be here. Perhaps you have another idea? Thanks a lot for taking your time!

Greets

Phil
Phileas
Active Member
 
Posts: 11
Joined: April 14th, 2011, 11:39 am

Re: babylon-tool

Unread postby Scolabar » May 20th, 2011, 4:35 pm

Hi Phileas,

Thank you for the latest log and apologies for the confusion over the log file. :thumbright:

As before, please read the instructions below carefully before executing them, and perform the steps in the order given; before we proceed, please make sure any open programs are closed.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem before going any further.

Step 1:
Re-Run ERUNT

Please backup the registry with ERUNT again.

Step 2:
ComboFix - CFScript

WARNING!
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System thereby preventing it from starting again!


You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

  1. Click on Start > Run.
  2. In the text entry box type:
      Notepad
  3. Then click on the OK button.
  4. This will open an empty Notepad file.
  5. Copy and Paste the contents of the box below into the Notepad window:
    KillAll::
    
    RegLock::
    [HKEY_USERS\S-1-5-21-285388904-2522916759-3500499248-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0054B2E5-E700-4D2F-1C20-F62851EE8DD9}*]
    
    DDS::
    BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarTlbr.dll
    mRun: [BabylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
    
    Folder::
    c:\program files\babylontoolbar
    c:\program files\conduitengine
    c:\program files\softonic_deutsch_ff
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{9d81af43-de53-48d0-a199-42c2a226b24c}"=-
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d81af43-de53-48d0-a199-42c2a226b24c}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{9d81af43-de53-48d0-a199-42c2a226b24c}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{9D81AF43-DE53-48D0-A199-42C2A226B24C}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    
    [-HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
    
    [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    
    
  6. Save the file to your desktop as CFScript.txt
  7. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  8. Drag the CFScript.txt (icon) onto the ComboFix.exe icon as shown in the image below:

    Image

    This will cause ComboFix to run again.
    Note: Do not use your keyboard or mouse, or click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    Do Not touch your computer when ComboFix is running!
  9. When the program has finished ComboFix will produce a log file called combofix.txt which will automatically open in Notepad.
  10. Please Copy and Paste the entire contents of the combofix.txt file into your next reply.

** REMEMBER ** Re-Enable your Antivirus, Anti-Spyware and Firewall programs before reconnecting to the Internet!

Step 3:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. combofix.txt.
  3. How is your computer now running?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm
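As an added example (not part of this thread, and not a ComboFix or DDS feature), here is a read-only PowerShell audit of the same three IE extension points the CFScript above edits: it lists every registered BHO, toolbar and URLSearchHook, resolves each CLSID to its DLL through HKCR\CLSID\...\InprocServer32, and flags the CLSIDs that appear in the logs in this thread. The registry paths are the real locations; the known-bad list is taken from the logs above and is only a starting point, not a complete signature set.

```powershell
# Added example: audit IE add-in registration points (read-only, nothing is deleted).
# Run from an elevated PowerShell prompt so HKLM and the current user's hive are both readable.

# CLSIDs taken from the DDS/ComboFix logs in this thread (Softonic, Conduit, Babylon toolbars).
$KnownBad = @(
    '{9D81AF43-DE53-48D0-A199-42C2A226B24C}',  # Softonic_Deutsch_FF\tbSoft.dll
    '{30F9B915-B755-4826-820B-08FBA6BD249D}',  # ConduitEngine\ConduitEngine.dll
    '{98889811-442D-49DD-99D7-DC866BE87DBC}'   # Babylon Toolbar (BabylonToolbarTlbr.dll)
)

# Where IE loads add-ins from: BHOs and toolbars (machine-wide), URLSearchHooks (per-user).
$Locations = @{
    'BHO'           = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    'Toolbar'       = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
    'URLSearchHook' = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
}

function Resolve-ClsidDll {
    param([string]$Clsid)
    # A CLSID with no InprocServer32 path is an orphan (what DDS prints as "No File").
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (Test-Path $key) { return (Get-ItemProperty $key).'(default)' }
    return $null
}

function Get-IEExtensions {
    $results = foreach ($kind in $Locations.Keys) {
        $path = $Locations[$kind]
        if (-not (Test-Path $path)) { continue }
        if ($kind -eq 'BHO') {
            # BHOs are registered as subkeys named by CLSID.
            $clsids = (Get-ChildItem $path).PSChildName
        } else {
            # Toolbars and search hooks are value names in the key itself; skip non-CLSID values.
            $clsids = (Get-Item $path).GetValueNames() | Where-Object { $_ -match '^\{' }
        }
        foreach ($c in $clsids) {
            $upper = $c.ToUpper()
            [pscustomobject]@{
                Type     = $kind
                CLSID    = $upper
                Dll      = Resolve-ClsidDll $c
                KnownBad = ($KnownBad -contains $upper)
            }
        }
    }
    return $results
}

# Known-bad entries first; an entry whose Dll is empty is an orphaned registration.
Get-IEExtensions | Sort-Object KnownBad -Descending | Format-Table -AutoSize
```

Running this before and after the CFScript shows whether the three registration points are actually clean; a DLL path outside Program Files or a CLSID that resolves to nothing deserves a closer look even when it is not on the list.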

Re: babylon-tool

Unread postby Phileas » May 24th, 2011, 1:44 am

Hello Scolabar,
I'm sorry, but already your first step (Re-run ERUNT) doesn't seem to work. I'll try now to translate (from German) what the program says when I try to run ERUNT:
1) The first pop-up window asks, as usual, where to save the registry data and suggests a folder (C:/windows/ERDNT/24.05.2011). The first two check-boxes (save options) are checked as they were the first time. I now click "OK".
2) The next pop-up appears with a question: "This folder doesn't exist: C:/windows/ERDNT/24.05.2011. Create?" I click "Yes".
3) Next pop-up: "File cannot be created: C:/windows/ERDNT/24.05.2011. Saving the registry is continued, but no backup information is saved for the program ERDNT. Therefore, the registry can later only be restored manually, by re-copying the files under another operating system." And there is an OK button. When I push that one:
4) The saving process is started, but a new window appears: "While securing the file C:/window/ERDNT/24.05.2011/security there was a mistake! Continue with the next file? [RegCreateKeyEx: 5 - access denied]"

I tried to save in another folder instead of "24.05.2011". There was the same problem.

Any suggestions? ;-) thanks a lot!

Phil
Phileas
Active Member
 
Posts: 11
Joined: April 14th, 2011, 11:39 am

Re: babylon-tool

Unread postby Scolabar » May 24th, 2011, 8:32 am

Hi Phileas,

That error occurs when you try to run ERUNT from an account without administrative privileges. ;)
Note: All of the steps provided will require you to be logged into an account with administrative privileges, unless otherwise specified.

Please can you log out of the account you are currently in and log back into an account with administrative privileges.

Then proceed with the steps in my last post. :)

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: babylon-tool

Unread postby Scolabar » May 27th, 2011, 8:26 am

Hi Phileas,

This is just a reminder that you haven't replied to my last set of instructions posted on Tuesday.
Do you still require assistance with your computer malware issues?

If I don't hear back from you by the end of today, in line with forum policy I will arrange to have this topic closed.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: babylon-tool

Unread postby deltalima » May 28th, 2011, 11:49 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK