PUP.Optional.Babylon.A

Started by Evenshade, March 31, 2014, 11:54:57 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Evenshade

March 31, 2014, 11:54:57 PM
This malware appeared on my computer when I downloaded from Softonic, I think.  When I run Malwarebytes Anti-malware, I quarantine them but they keep appearing.  Before I read your "pre-post" rules, I downloaded revo-uninstaller, but I do not see it on my program list when I tried to uninstall.  I do, however, find it when I do a search for it on my computer. Thank you in advance for your help. 

Pam Mastin
Greenville NC

Here are my logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Mastin at 19:37:16 on 2014-03-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.10220.7814 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\SmartHookTestApp.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~2\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101385&mntrId=e44887ab000000000000ac8112dbc6b0&tt=290312_bexdll
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Spotify Web Helper] "C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spotify] "C:\Users\Mastin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
StartupFolder: C:\Users\Mastin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DUALSM~1.LNK - C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{B898D80F-8E78-4C94-A9E6-0674539C6F62} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C5D45449-1E20-425D-B37A-A1FAD7392BE6} : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{F49EFEB7-ECAF-425E-9776-487242DD6301} : NameServer = 100.100.100.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/privatepage/1#Forums_and_Blogs|https://mail.google.com/mail/u/0/?pli=1#inbox/144d118cf8faad87|https://www.google.com/calendar/render?pli=1&gsessionid=kqqDpKZlgklGtJ8-wBlZWg|http://classic.wunderground.com/cgi-bin/findweather/getForecast?query=27879|http://www.aol.com/|http://www.weightwatchers.com/templates/gateway/lpgateway_sub_wide_dyn_2col.aspx?pageid=1112451|https://mail.google.com/mail/u/1/?ui=2#sent/144dfaf0ef1a16f7
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - e44887ab000000000000ac8112dbc6b0
FF - user.js: extensions.BabylonToolbar_i.hardId - e44887ab000000000000ac8112dbc6b0
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15430
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:43:54
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101385
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-9 89600]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-7-17 161064]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-24 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-24 857912]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-5 378472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-9 2656536]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-31 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-24 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-3-24 63192]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-9 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-1-9 131656]
R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-1-9 399944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-1-9 31152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-15 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-8 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-15 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-31 13:01:50   10521840   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{36F71D24-AC5F-48D9-B9C6-7196168A9B5E}\mpengine.dll
2014-03-30 19:18:05   --------   d-----w-   C:\ProgramData\CDB
2014-03-30 19:17:33   --------   d-----w-   C:\rei
2014-03-30 11:37:31   10521840   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-29 18:24:49   1031560   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{242949C7-3BD8-4626-A141-BDEA83DC9F63}\gapaengine.dll
2014-03-26 00:47:08   --------   d-----w-   C:\Users\Mastin\AppData\Local\{95B1E2BB-D155-464C-AB8E-CB916FA7AC05}
2014-03-25 02:23:19   119512   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-25 02:23:06   88280   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-25 02:23:06   63192   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-03-25 02:23:06   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-24 23:13:35   --------   d-----w-   C:\Users\Mastin\AppData\Roaming\OpenOffice
2014-03-24 23:12:46   --------   d-----w-   C:\Program Files (x86)\OpenOffice 4
2014-03-17 00:49:32   --------   d-----w-   C:\Users\Mastin\AppData\Local\{4BF3C7EE-89A2-4971-AC3B-67FB583912D8}
2014-03-15 21:15:39   --------   d-----w-   C:\Users\Mastin\AppData\Local\{D09075AF-4FA6-48B5-AC92-72F6D62C5341}
2014-03-15 21:14:47   15712   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\983aec011cf409303\MeshBetaRemover.exe
2014-03-15 21:14:42   89944   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\9527fb2b1cf409302\DSETUP.dll
2014-03-15 21:14:42   537432   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\9527fb2b1cf409302\DXSETUP.exe
2014-03-15 21:14:42   1801048   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\9527fb2b1cf409302\dsetup32.dll
2014-03-15 18:42:30   --------   d-----w-   C:\Users\Mastin\AppData\Local\{452E0BAD-7492-4852-AB97-45566C48F11D}
2014-03-12 23:47:58   624128   ----a-w-   C:\Windows\System32\qedit.dll
2014-03-12 23:47:58   509440   ----a-w-   C:\Windows\SysWow64\qedit.dll
2014-03-12 23:47:45   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2014-03-12 23:47:45   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-08 13:57:06   792576   ----a-w-   C:\Windows\SysWow64\TSWorkspace.dll
2014-03-08 13:57:06   1030144   ----a-w-   C:\Windows\System32\TSWorkspace.dll
.
==================== Find3M  ====================
.
2014-03-12 19:10:11   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 19:10:11   692616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-11 13:52:30   133928   ----a-w-   C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-05 13:26:04   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-03-01 05:17:02   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59   708608   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33   5768704   ----a-w-   C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35   553472   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11   2041856   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15   4244480   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28   2334208   ----a-w-   C:\Windows\System32\wininet.dll
2014-03-01 03:00:08   1964032   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16   1820160   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-02-18 00:28:46   96168   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-07 01:23:30   3156480   ----a-w-   C:\Windows\System32\win32k.sys
2014-01-29 02:32:18   484864   ----a-w-   C:\Windows\System32\wer.dll
2014-01-29 02:06:47   381440   ----a-w-   C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46   228864   ----a-w-   C:\Windows\System32\wwansvc.dll
2014-01-25 05:19:42   268512   ----a-w-   C:\Windows\System32\drivers\MpFilter.sys
2014-01-19 07:33:29   270496   ------w-   C:\Windows\System32\MpSigStub.exe
2014-01-09 02:22:42   5694464   ----a-w-   C:\Windows\SysWow64\mstscax.dll
2014-01-03 22:44:58   6574592   ----a-w-   C:\Windows\System32\mstscax.dll
2013-10-17 20:57:54   15641088   ----a-w-   C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 19:38:05.84 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/31/2012 11:54:37 AM
System Uptime: 3/31/2014 7:34:27 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AB5
Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1846 GiB total, 1622.664 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.1 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 932 GiB total, 97.987 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP375: 3/20/2014 7:03:14 AM - Windows Update
RP376: 3/23/2014 7:00:16 PM - Windows Backup
RP377: 3/24/2014 7:25:17 AM - Windows Update
RP378: 3/24/2014 7:12:25 PM - Installed OpenOffice 4.0.1
RP379: 3/24/2014 10:31:55 PM - Removed OpenOffice 4.0.1
RP380: 3/28/2014 2:50:12 PM - Windows Update
RP381: 3/29/2014 2:23:44 PM - Windows Update
RP382: 3/30/2014 7:00:19 PM - Windows Backup
.
==== Installed Programs ======================
.
802.11n Wireless LAN Card
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
Bonjour
Canon Laser Printer/Scanner/Fax Extended Survey Program
Canon MF Toolbox 4.9.1.1.mf14
Canon MF4700 Series
CCleaner
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX for Managed Code Update (Summer 2004)
Dual Smart Solution
EPSON Artisan 50 Series Printer Uninstall
Epson Copy Utility 3.5
Epson Event Manager
EPSON Perfection V30/V300 Photo Scanner Driver Update
EPSON Scan
Facebook
Family Tree Maker 2012
Hallmark Card Studio 2010 Deluxe
Hewlett-Packard ACLM.NET v1.2.1.1
HP Application Assistant
HP Auto
HP Calendar
HP Client Services
HP Clock
HP Customer Experience Enhancements
HP LaserJet P1000 series
HP LinkUp
HP Magic Canvas
HP Magic Canvas Tutorials
HP Notes
HP Odometer
hp officejet v series
HP Photo Printing Software
HP RSS
HP Setup
HP Setup Manager
HP Share-to-Web
HP Support Assistant
HP Support Information
HP TouchSmart Background - Beats
HP TouchSmart RecipeBox
HP Update
HP Vision Hardware Diagnostics
HP Weather
HPSSupply
IDT Audio
Intel(R) Identity Protection Technology 1.2.22.0
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
IrfanView (remove only)
iTunes
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 2.00.0.1000
Mesh Runtime
Metric Converter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mathematics
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Driver 275.88
NVIDIA Control Panel 275.88
NVIDIA Graphics Driver 275.88
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
opensource
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Power2Go
Recovery Manager
Remote Graphics Receiver
Seagate Manager Installer
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Spotify
SumatraPDF
SUPERAntiSpyware
TSHostedAppLauncher
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
3/31/2014 7:08:25 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
3/30/2014 8:41:56 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR5.
3/29/2014 2:49:54 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
3/29/2014 2:49:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/29/2014 2:49:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/29/2014 2:49:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/29/2014 2:49:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/29/2014 2:49:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/29/2014 2:49:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/29/2014 2:49:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
3/29/2014 2:49:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/29/2014 2:49:08 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/29/2014 2:49:04 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
3/29/2014 2:49:03 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/29/2014 2:49:03 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/29/2014 2:49:03 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/29/2014 2:49:03 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/29/2014 2:49:03 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/29/2014 2:49:03 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
3/29/2014 2:49:03 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/29/2014 2:49:03 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/29/2014 2:49:03 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/29/2014 2:49:03 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/29/2014 2:49:03 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/29/2014 2:49:03 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
.
==== End Of File ===========================


Results of screen317's Security Check version 0.99.81 
Windows 7 Service Pack 1 x64 (UAC is disabled!) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled! 
Microsoft Security Essentials   
Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````[/u]
Java 7 Update 51 
Adobe Flash Player 12.0.0.77 
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````[/u] 
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbam.exe 
Malwarebytes Anti-Malware mbamscheduler.exe   
BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````[/u]

Corrine

#1
April 01, 2014, 01:25:56 AM
Hi, Pam.

Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

1.  Before making changes to your computer, whether installing software or cleaning, it is always advisable to create a fresh System Restore point.  To create a restore point, do the following:

  • Click the Start button > right-click Computer > click Properties.
  • In the left pane, click System protection.  If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection tab, and then click Create.
  • In the System Protection dialog box, type a description, and then click Create.
  • Wait until the message appears that it is completed and then click close.
2.  Please download Junkware Removal Tool to your desktop.  <--Note:  The provided link is a direct download link.  Please save it to your desktop!

  • Close all open programs and internet browsers.
  • Run the tool by double-clicking it.  Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
3.  Please download Adware Cleaner by Xplode to your Desktop.  <--Note:  The provided link is a direct download link.  Please save it to your desktop!

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.  Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Note:  With AdwCleaner, it will reset your Firefox Start Page.  To save a copy of your current start pages in Firefox, click Firefox > Options > Options and select the General tab.
Copy the information in the space provided next to "Home Page".


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Evenshade

#2
April 01, 2014, 08:50:07 PM
HI Corrinne,
Thank you for your help.  I did the system restore.  When you say "save it to your desktop" for the Junkware Removal Tool and the AdwCleaner...do you mean to save the link?  Or to save the programs themselves to my desktop.  And how do I do that?

winchester73

#3
April 01, 2014, 09:06:44 PM
To save a download to your desktop in Windows 7:

Click on the link Corrine provided you.

Click Save in the File Download window that appears.  Next, click Browse Folders in the lower left of the resulting window.



Now click Desktop in the left pane of the Save As window.



Don't change the File name and Save as type fields. Click "save" ... then "close" after the download finishes.

Do this for the other program, then follow her instructions to run the tools.


Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Evenshade

#4
April 01, 2014, 10:22:17 PM
Thank you, Winchester.  You pointed me in the right direction.  I found I had to change my Firefox settings to "always ask where to save file" instead of automatically saving it in downloads.  I hope that was ok.  I appreciate it.

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mastin on Tue 04/01/2014 at 18:03:24.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\tdataprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\updatebho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\wit4ie.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\browsercompanion
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\browsercompanion
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{277332A7-344D-47FD-861A-5D1E3E1E4A70}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{277332A7-344D-47FD-861A-5D1E3E1E4A70}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Mastin\appdata\local\babylon"
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{025AD505-6BF1-420A-9FE4-46C2CBE81564}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{1D0FA8E7-A17F-4D70-9C92-06108FBD71E0}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{1F27C572-AAFF-4E74-AFCB-86DF39D70FD5}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{2E24A6E5-A012-49D9-982B-38281857A77D}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{452E0BAD-7492-4852-AB97-45566C48F11D}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{4BF3C7EE-89A2-4971-AC3B-67FB583912D8}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{4EBAF468-7EBA-4FF2-922F-887A6CC9D38A}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{9537D36F-810F-4CED-968D-D821BC34EFAF}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{95B1E2BB-D155-464C-AB8E-CB916FA7AC05}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{A46FDAAB-5C9C-448A-8C14-EB863E4D848E}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{A61C8EF1-B86B-481D-AD5D-17EB49E3720A}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{AAB572F4-B155-44E4-8759-D5A8CC095CA3}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{AD00DA52-3C5C-4668-9CB3-7A6EB13CE243}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{C1E7CC9A-FB07-489A-86E4-CE68FF20573E}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{D09075AF-4FA6-48B5-AC92-72F6D62C5341}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{D1AC0328-D83E-4D0C-9E68-26F9554E38E1}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{DA1E3320-AD2B-40AA-BBC4-953F6FBAB9FF}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{EFD534B8-3E05-4FBA-9A95-600A62D4D4C4}
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{FAB69469-699C-4B9C-8238-C4777E59B192}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Mastin\AppData\Roaming\mozilla\firefox\profiles\din64304.default\user.js
Successfully deleted the following from C:\Users\Mastin\AppData\Roaming\mozilla\firefox\profiles\din64304.default\prefs.js

user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101385");
user_pref("extensions.BabylonToolbar_i.hardId", "e44887ab000000000000ac8112dbc6b0");
user_pref("extensions.BabylonToolbar_i.id", "e44887ab000000000000ac8112dbc6b0");
user_pref("extensions.BabylonToolbar_i.instlDay", "15430");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:43:54");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Emptied folder: C:\Users\Mastin\AppData\Roaming\mozilla\firefox\profiles\din64304.default\minidumps [154 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/01/2014 at 18:09:32.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




# AdwCleaner v3.023 - Report created 01/04/2014 at 18:16:22
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mastin - MASTIN-HP
# Running from : C:\Users\Mastin\Documents\LANDZDOWN PROGRAMS AND FILES\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Mastin\AppData\Local\PackageAware
File Deleted : C:\Users\Mastin\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.netvibes.com/privatepage/1#Forums_and_Blogs|hxxps://mail.google.com/mail/u/0/?pli=1#inbox/144d118cf8faad87|hxxps://www.google.com/calendar/render?pli=[...]

-\\ Google Chrome v

[ File : C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2337 octets] - [01/04/2014 18:15:14]
AdwCleaner[S0].txt - [2270 octets] - [01/04/2014 18:16:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2330 octets] ##########

winchester73

#5
April 01, 2014, 10:43:31 PM
Sorry, I missed Firefox in my quick glance at your logs.  How are things after running those two tools? There is some other cleanup to do once you report back.

I'm not far from you, near where 85 and 40 come together. I miss B's bbq, used to swing by there every couple of months on my trips east. :goodie:
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Evenshade

#6
April 01, 2014, 10:52:02 PM
B's is still here...it's a treasure.  :)   

"How are things after running those two tools?"
Shall I run Malwarebytes to see if it picks up anything and then report back to you?

Evenshade

#7
April 02, 2014, 12:20:59 AM
It dawned on me that you probably did want me to run Malwarebytes since you asked me how things were looking.  I did the "threat scan" and here is the log.  I see PUP is still listed with "warn" next to it.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/1/2014
Scan Time: 8:14:00 PM
Logfile: Malwarebytes scan 040114    8 16 pm.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.01.10
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mastin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 261279
Time Elapsed: 7 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Corrine

#8
April 02, 2014, 01:35:07 PM
Hi, Pam.

QuoteI see PUP is still listed with "warn" next to it.

That is the setting in MBAM.  You can keep it at warn or change the setting to quarantine under Settings > Detection and Protection.

If all is well now, go ahead and delete JRT from your desktop and then do the following to remove AdwCleaner:

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?" and let us know if you have any questions.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Evenshade

#9
April 02, 2014, 05:15:21 PM
Corrine,
Thank you so much.  You helped me years ago when I had a virus on another computer and you are so kind and patient to work with. Ravencajun had referred me to Landzdown when she was posting on Gardenweb.  Thanks from the bottom of my heart!   :hallo:
Pam

Corrine

#10
April 02, 2014, 06:56:20 PM
You are very welcome, Pam.  I am glad I was able to help.  Ravencajun is R-C here at LzD.  I suspect is busy with spring activities in her area of the world.

Donna will take good care of you with your husband's computer.  Her timing is perfect too because I suddenly have my hands full with real-life activities.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
Print
Go Up Pages1
User actions